Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify that passing random.Random.seed a str is okay #7

Open
lvh opened this issue Jan 20, 2014 · 0 comments
Open

Verify that passing random.Random.seed a str is okay #7

lvh opened this issue Jan 20, 2014 · 0 comments
Labels
review

Comments

@lvh
Copy link
Member

lvh commented Jan 20, 2014

Right now, when you ask exercises.Secret to give you a non-secure PRNG, it derives a key (str) and passes it to random.Random.seed. It has the wonderful API that lets you pass in anything hashable; but it's not clear just how much entropy survives. Since this is explicitly NOT for cryptographically secure PRNG purposes, we probably don't really care, but this might be interesting information for other people.

Right now, the str hashing algorithm in CPython is FNV-1; see detailed description in PEP 456.

So then I guess we have to care what Py_uhash_t is, and how big the seed is for the MT variant Python uses on 64 bit machines, and, perhaps most importantly, how much bias FNV-1 introduces.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lvh