[pycrypto] the sad state of pycrypto

Dwayne C. Litzenberger dlitz at dlitz.net
Sun Nov 9 08:08:43 CST 2008

On Sat, Nov 08, 2008 at 04:18:51PM -0430, Stefan Spoettl wrote:
>  4.. Random generator
>  Sorry Dwayne, I disagree with you. A cryptographic library has to offer 
>  a cryptographically secure random generator. Without that the library is not 
>  useful at all.

Actually, it looks like you agree with me.

PyCrypto (in the git repository) now has a very simple CSPRNG API.  You can 
write code like this:

     from Crypto import Random

     rng = Random.new()      # returns a file-like object
     x = rng.read(16)        # read 16 bytes of RNG data

You can also instantiate Crypto.Random.RandomPoolCompat, and use that in 
the place of old code that expects the RandomPool API.

On the back-end of this, we have the Fortuna PRNG (which runs AES in 
counter mode), seeded by the operating system, by time.time() and by 
time.clock() (see Random/_UserFriendlyRNG.py).  The code is kind of ugly, 
and more complex than I really would like, but that's what happens when we 
try to implement a robust PRNG in a library.

A strong PRNG realistically needs to be provided by the operating system, 
or at least by a long-running process.  Doing it in PyCrypto is much more 
error-prone: PyCrypto has to deal with users invoking os.fork() (thus 
duplicating the RNG state), access from multiple threads, the lack of 
permanent storage, and the fact that Python's immutable strings means that 
secret data are copied to several places in memory over the life of the 
process.  It also has to be portable, making it difficult to use 
platform-specific sources of entropy.   A stand-alone RNG would not have to 
deal with any of these problems.

Having said that, people still need to generate strong random numbers, and 
experience with RandomPool shows that they're going to get it wrong unless 
the library provides a robust API to do it for them.  That's the idea 
behind Crypto.Random.new().

Dwayne C. Litzenberger <dlitz at dlitz.net>
  Key-signing key   - 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
  Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9  179F 1C11 B877 E780 4B45
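To make the os.fork() hazard mentioned above concrete, here is an added example (not PyCrypto code, and not from the original thread): a toy counter-mode generator built on HMAC-SHA256 from the standard library instead of AES, read from both sides of a fork with and without a PID-based reseed. The class and function names are hypothetical, and the seed is a constructed value.

```python
import hashlib
import hmac
import os


class CounterModePRNG:
    """Toy deterministic generator: HMAC-SHA256 over a counter under a 32-byte key.
    Stand-in for the AES-CTR core of Fortuna; illustration only, not for production."""

    def __init__(self, seed: bytes, fork_safe: bool):
        self.key = hashlib.sha256(seed).digest()  # constructed seed, not OS entropy
        self.counter = 0
        self.fork_safe = fork_safe
        self.pid = os.getpid()

    def _reseed_if_forked(self):
        # After os.fork() the child inherits key and counter verbatim. A PID change
        # is the cheapest detection signal; mix fresh OS entropy into the key when seen.
        if os.getpid() != self.pid:
            self.key = hashlib.sha256(self.key + os.urandom(32)).digest()
            self.counter = 0
            self.pid = os.getpid()

    def read(self, n: int) -> bytes:
        if self.fork_safe:
            self._reseed_if_forked()
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def fork_outputs(rng: CounterModePRNG, n: int = 16) -> tuple:
    """Fork; return (parent_bytes, child_bytes) read from the same RNG object in each process."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: send its first n bytes back over the pipe and exit
        os.close(r)
        os.write(w, rng.read(n))
        os._exit(0)
    os.close(w)
    child = b""
    while len(child) < n:  # pipes may deliver short reads; loop until n bytes or EOF
        chunk = os.read(r, n - len(child))
        if not chunk:
            break
        child += chunk
    os.close(r)
    os.waitpid(pid, 0)
    return rng.read(n), child


def fork_duplicates_output(fork_safe: bool) -> bool:
    """True when parent and child emit identical bytes after the fork."""
    parent, child = fork_outputs(CounterModePRNG(b"constructed seed", fork_safe))
    return parent == child
```

Without the PID check both processes emit the same 16 bytes; with it the child reseeds from os.urandom and diverges, which is the case a userland PRNG such as the one in Random/_UserFriendlyRNG.py has to handle.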
