[pycrypto] the sad state of pycrypto
Dwayne C. Litzenberger
dlitz at dlitz.net
Sun Nov 9 08:08:43 CST 2008
On Sat, Nov 08, 2008 at 04:18:51PM -0430, Stefan Spoettl wrote:
> 4.. Random generator
> Sorry Dwayne, I disagree with you. A cryptographic library has to offer
> a cryptographic secure random generator. Without that the library is not
> useful at all.
Actually, it looks like you agree with me.
PyCrypto (in the git repository) now has a very simple CSPRNG API. You can
write code like this:
from Crypto import Random
rng = Random.new() # returns a file-like object
x = rng.read(16) # read 16 bytes of RNG data
You can also instantiate Crypto.Random.RandomPoolCompat, and use that in
the place of old code that expects the RandomPool API.
On the back-end of this, we have the Fortuna PRNG (which runs AES in
counter mode), seeded by the operating system, by time.time() and by
time.clock() (see Random/_UserFriendlyRNG.py). The code is kind of ugly,
and more complex than I really would like, but that's what happens when we
try to implement a robust PRNG in a library.
A strong PRNG realistically needs to be provided by the operating system,
or at least by a long-running process. Doing it in PyCrypto is much more
error-prone: PyCrypto has to deal with users invoking os.fork() (thus
duplicating the RNG state), access from multiple threads, the lack of
permanent storage, and the fact that Python's immutable strings mean that
secret data are copied to several places in memory over the life of the
process. It also has to be portable, making it difficult to use
platform-specific sources of entropy. A stand-alone RNG would not have to
deal with any of these problems.
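The os.fork() hazard described above, as an added illustration that is not PyCrypto's own code: a toy counter-mode generator (SHA-256 standing in for the AES block cipher Fortuna uses) is duplicated into a forked child and replays the parent's output, while a variant that notices the pid change and reseeds from the OS does not. Assumes a POSIX system with os.fork().

```python
import hashlib
import os
import struct


class NaiveCounterPRNG:
    """Minimal user-space PRNG in counter mode; constructed for illustration,
    SHA-256 over (key, counter) stands in for AES-CTR as used by Fortuna."""

    def __init__(self, seed=None):
        self.key = seed if seed is not None else os.urandom(32)
        self.counter = 0

    def read(self, n):
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.key + struct.pack(">Q", self.counter)).digest()
            self.counter += 1
        return out[:n]


class ForkAwarePRNG(NaiveCounterPRNG):
    """Same generator, but it reseeds from the OS when the process id changes,
    so a forked child does not replay the parent's key stream."""

    def __init__(self, seed=None):
        super().__init__(seed)
        self.pid = os.getpid()

    def read(self, n):
        if os.getpid() != self.pid:
            self.key = os.urandom(32)   # fresh OS entropy for the child
            self.counter = 0
            self.pid = os.getpid()
        return super().read(n)


def fork_and_read(rng, n=16):
    """Fork; return (parent_bytes, child_bytes) read from copies of one rng."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                        # child: use inherited state, report back
        os.close(r)
        os.write(w, rng.read(n))
        os._exit(0)
    os.close(w)
    child_bytes = os.read(r, n)
    os.close(r)
    os.waitpid(pid, 0)
    return rng.read(n), child_bytes
```

With NaiveCounterPRNG both halves come back identical; with ForkAwarePRNG they differ. The pid check only covers fork, not the thread-safety or memory-copy issues mentioned above.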
Having said that, people still need to generate strong random numbers, and
experience with RandomPool shows that they're going to get it wrong unless
the library provides a robust API to do it for them. That's the idea
behind Crypto.Random.new().
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45