On Tue, 3 Jan 2012 22:17:06 +0100 Victor Stinner <victor.stin...@gmail.com> wrote: > A randomized hash doesn't need cryptographic RNG (which are slow and > need a lot of new code), and the new hash function should maybe not be > cryptographic. We need to make the DoS more expensive for the > attacker, but we don't need to add "too much security" for that.
Agreed. > Mersenne Twister is useless here: it is only needed when you need to > generate a fast RNG to generate megabytes of random data, whereas we > will not need more than 4 KB. The OS RNG is just fine (fast enough and > not blocking). Have you read the following sentence: “Since some platforms may not have /dev/urandom, we need a PRNG in the core, too. I therefore propose to move the Mersenne twister from randommodule.c into the core, too.” Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
