Hi Anh, On Wed, Oct 7, 2009 at 11:15 AM, Anh Hai Trinh <[email protected]>wrote:
> > On Oct 7, 4:07 pm, "Nick Johnson (Google)" <[email protected]> > wrote: > > Hi Anh, > > Good question! There's nothing built directly in, but you have several > > options: > > - You can implement, or use an existing implementation of a well known > > cryptographically secure PRNG, such as Blum Blum Shub. > > - You can make use of one of the block ciphers provided by pycrypto to > > generate a PRNG stream - just use it in CTR mode with a random key as > seed > > data. > > - You can make use of a secure hash from the hashlib module - again, > start > > with a random input and increment it for each block of random data. > > > > Dear Nick, > > How would you advise implementing any of these approaches in > AppEngine. It is difficult because the random number is usually > needed as a nonce (not en mass, like in a simulation) and therefore > we'll need to maintain the state of the RNG, which is impossible since > we can't have long running process in AppEngine. Maybe we can store > the counter in the Datastore, and it'll need to be sharded, possibly > memcached, and will need to deal with timeout, etc. It is always > tricky to roll our own cryptographic implementation, of any kind, > securely. > Depending on what you need the nonce for, you could simply construct a value from a secret key you include with the app, the ID of the user or record it's for, and something ephemeral such as the current time, then hash the value with a secure hash function to generate the nonce. This is secure as long as the secret key remains confidential. -Nick Johnson > > -- Nick Johnson, Developer Programs Engineer, App Engine Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
