I had not seen the later replies before answering. My apologies.

The way I've always understood urandom is exactly that. It's "probably" unpredictable but there's no actual proof of this, like there would be if you used for example Blum Blum Shub.

I'm sure there are multiple implementations of cryptographically secure PRNGs floating around. I think I even have one in Java. I suspect they are much slower than urandom though.

Quoting Thomas P Jakobsen <thomas....@gmail.com>:

The urandom is os-specific:

"This function returns random bytes from an OS-specific randomness
source. The returned data should be unpredictable enough for
cryptographic applications, though its exact quality depends on the OS
implementation. On a UNIX-like system this will query /dev/urandom,
and on Windows it will use CryptGenRandom."

I don't know whether this will be good enough. If not, I guess we'll
have to use some external package (openssl?) or implement our own
algorithm.

Regards,
Thomas



On Tue, Jul 6, 2010 at 15:40, Ivan Bjerre Damgård <i...@cs.au.dk> wrote:
It is not good to use the wrong kind of PRG, it should
be fixed as soon as possible. But do we know that
os.urandom will be OK on any platform, or is this
OS-dependent at the end of the day?

- Ivan

On 06/07/2010, at 15.22, Thomas P Jakobsen wrote:

VIFF itself as well as most protocols implemented in VIFF use the
viff.util package for random number generation. This package in turn
uses the random package in the Python standard library. This means
that random numbers are generated using a Mersenne twister.

As far as I can see, this is a problem, since Mersenne twister PRNGs
are generally not suited for cryptographic usage. E.g. it is not known
to pass the "next-bit test" and withstand the "state compromise
extensions", see
http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator.

One solution would be to use the os.urandom() function instead. This
has specifically been designed to produce cryptographically secure
random numbers.

(We should probably keep the old random generator, too. It is probably
faster and not all random numbers used in VIFF and VIFF programs need
to be cryptographically secure.)


Let me know what you think about this.

Kind regards,
Thomas
_______________________________________________
viff-devel mailing list (http://viff.dk/)
viff-devel@viff.dk
http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk
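
The concern raised in this thread about the Mersenne twister can be checked directly. The following is an added example, not code from the thread or from VIFF: it assumes CPython's `random` module (MT19937) and uses constructed seed and skip values to show that 624 consecutive 32-bit outputs determine every later output, which is the property that makes the generator unsuitable for secret values.

```python
import random

N = 624  # number of 32-bit words in the Mersenne Twister (MT19937) state

def _undo_right(y, shift):
    """Invert y = x ^ (x >> shift) for a 32-bit x."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) for a 32-bit x."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(y):
    """Map one 32-bit output back to the internal state word behind it."""
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_from_outputs(outputs):
    """Build a generator that continues the stream after 624 observed outputs."""
    if len(outputs) != N:
        raise ValueError("need exactly %d consecutive 32-bit outputs" % N)
    state = tuple(untemper(o) for o in outputs) + (N,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone

def demo(seed=2010, skip=1000, check=100):
    """Return how many of the next `check` outputs the clone gets right."""
    source = random.Random(seed)   # constructed seed; stands in for the random module
    for _ in range(skip):          # start observing mid-stream
        source.getrandbits(32)
    observed = [source.getrandbits(32) for _ in range(N)]
    clone = clone_from_outputs(observed)
    return sum(source.getrandbits(32) == clone.getrandbits(32)
               for _ in range(check))

if __name__ == "__main__":
    print("predicted %d of 100 future outputs" % demo())
    # random.SystemRandom reads os.urandom and keeps no such state to rebuild
    print(random.SystemRandom().getrandbits(32))
```

`random.SystemRandom` offers the same interface backed by `os.urandom()`, so values that must stay secret can be drawn from it while the seeded generator is kept for non-secret randomness.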

