On Sat, Sep 12, 2015 at 12:28 AM, Cory Benfield wrote:
> On 11 September 2015 at 14:36, Steven D'Aprano wrote:
>> Is this a trick question?
>>
>> In the absence of any credible attack on the password based on how it
>> was generated, of course it is safe.
>
> I feel like I must have misunderstood you Steven. Didn't you just
> exclude the attack vector that we're discussing here?
>
> What we are saying is that a deterministic PRNG definitionally allows
> attacks on the password based on how it was generated.

Only if an attacker can access many passwords generated from the same
MT stream, right? If the entire program is as was posted (importing
random and using random.choice(), then terminating), then an attack
would have to be based on the seeding of the RNG, not on the RNG
itself. There simply isn't enough content being generated for you to
be able to learn the internal state, and even if you did, the next run
of the program will be freshly seeded anyway.
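
An added example, not part of the original thread: it illustrates the point about seeding made in the message above by showing that a short password drawn from the Mersenne Twister is only as unpredictable as its seed. The helper names, the timestamp seed and the one-hour window are assumptions constructed for the illustration; CPython's default seeding uses the OS entropy source, not the clock.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def mt_password(seed, length=12):
    """Password built with random.choice() semantics from an MT stream with a known seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def seeds_matching(password, candidate_seeds):
    """Audit helper: every candidate seed that regenerates `password`."""
    return [s for s in candidate_seeds if mt_password(s, len(password)) == password]

def csprng_password(length=12):
    """Same construction on the OS CSPRNG: there is no seed to enumerate."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

# Constructed scenario (assumption): the generator was seeded with a Unix
# timestamp that an observer knows to within one hour.
ISSUED_AT = 1442010480
WINDOW = range(ISSUED_AT - 1800, ISSUED_AT + 1800)

def demo():
    """Generate one password, then search the seed window for it."""
    pw = mt_password(ISSUED_AT)
    return pw, seeds_matching(pw, WINDOW)

if __name__ == "__main__":
    pw, hits = demo()
    # Twelve draws are far fewer than the 624 full 32-bit outputs needed to
    # reconstruct MT19937 state, so the stream itself leaks nothing useful.
    # The search space is the seed: 3600 candidates here, about 12 bits,
    # against roughly 71 bits for 12 characters drawn uniformly from 62.
    print("password:", pw)
    print("seeds in window that reproduce it:", hits)
    print("CSPRNG password:", csprng_password())
```
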

