Tags: python, security, random, mersenne-twister

Why is random.random() not secure in Python?


I came across this question on Stack Overflow: How to randomly select an item from a list in Python, and they mentioned that it is not suitable for cryptographic/security purposes.

So, I found this page in the official documentation: random - Generate pseudorandom numbers

It mentions that they use a Mersenne twister to generate random numbers.

Isn't Mersenne twister supposed to be a pretty decent random generator (at least that's what I was told in class)? So why can you not use it for security purposes?


Solution

  • Mersenne twister does a decent job of mimicking statistical properties (*) of randomness, but it is a deterministic algorithm. If two copies are set to the same state, they will produce identical results in synchronization. That means that for crypto/security applications your security is shot if an attacker can determine your initial state. I've read that for MT this can be done by knowledgeable people after six hundred and some sequential observations.

    Bottom line - use it for Monte Carlo sampling or stochastic models, but not for crypto.

    (*) - Actually, Pierre L'Ecuyer, who is considered one of the foremost researchers on pseudo-random number generation, is not a fan of MT even for Monte Carlo usage. He has shown that while the full cycle is uniformly distributed, zeros in the internal state tend to be persistent and the generator can get "stuck" for sizeable sub-periods in non-uniform subsequences. He collaborated with the creator of Mersenne Twister to fix these issues in the WELL generator.
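To make the answer's point concrete, here is an added example (not part of the original answer or of CPython's own code) of the state-recovery attack it alludes to against `random`. MT19937, the generator behind Python's `random` module, keeps 624 32-bit state words and publishes each one through an invertible "tempering" step, so an attacker who sees 624 consecutive raw outputs can untemper them, obtain the whole state, run the MT recurrence forward, and predict every later `random()` / `getrandbits()` / `choice()` result. The example goes slightly beyond the "observe from the seed" case: it recovers the state from any window of 624 consecutive outputs, even one that straddles an internal state refresh. The seed value, the `items` list, and the names `untemper`, `temper`, `MTClone` and `demo` are all constructed for this example; the untempering maths and the recurrence constants are MT19937's published ones, and `random()`, `getrandbits()` and `choice()` are reproduced as CPython derives them from 32-bit words.

```python
import random
import secrets
from collections import deque

N = 624                      # MT19937 state size in 32-bit words
M = 397                      # MT19937 "middle word" offset
MATRIX_A = 0x9908B0DF        # MT19937 twist constant
MASK32 = 0xFFFFFFFF


def temper(x):
    """MT19937 output tempering (what genrand_uint32 applies to a state word)."""
    x ^= x >> 11
    x ^= (x << 7) & 0x9D2C5680
    x ^= (x << 15) & 0xEFC60000
    x ^= x >> 18
    return x & MASK32


def untemper(y):
    """Invert temper(): recover the raw state word from one observed output."""
    y &= MASK32
    y ^= y >> 18                            # shift >= 16, so one pass inverts it
    y ^= (y << 15) & 0xEFC60000             # mask leaves bits 0..16 untouched, one pass
    x = y
    for _ in range(5):                      # 7 low bits become correct per pass
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y
    for _ in range(3):                      # 11 high bits become correct per pass
        x = y ^ (x >> 11)
    return x & MASK32


class MTClone:
    """Attacker's replica of a Mersenne Twister, seeded from 624 leaked outputs."""

    def __init__(self, leaked_outputs):
        if len(leaked_outputs) != N:
            raise ValueError("need exactly 624 consecutive 32-bit outputs")
        # Oldest word first; deque(maxlen=N) drops the oldest word on append.
        self.state = deque((untemper(o) for o in leaked_outputs), maxlen=N)

    def _next_word(self):
        # MT19937 recurrence: the new word depends on the words 624, 623 and 227
        # positions back, so any 624 consecutive words suffice as a starting point.
        s = self.state
        y = (s[0] & 0x80000000) | (s[1] & 0x7FFFFFFF)
        new = s[M] ^ (y >> 1) ^ (MATRIX_A if y & 1 else 0)
        s.append(new)
        return temper(new)

    def getrandbits(self, k):
        # CPython: for k <= 32, getrandbits(k) is one 32-bit word shifted right.
        if not 0 < k <= 32:
            raise ValueError("this example only models 1 <= k <= 32")
        return self._next_word() >> (32 - k)

    def random(self):
        # CPython random(): 27 bits from one word, 26 from the next, 53-bit float.
        a = self._next_word() >> 5
        b = self._next_word() >> 6
        return (a * 67108864.0 + b) * (1.0 / 9007199254740992.0)

    def choice(self, seq):
        # CPython _randbelow: rejection sampling on getrandbits(n.bit_length()).
        n = len(seq)
        k = n.bit_length()
        r = self.getrandbits(k)
        while r >= n:
            r = self.getrandbits(k)
        return seq[r]


def demo(seed=12345, items=("alice", "bob", "carol", "dave", "erin", "frank")):
    """Victim uses random.Random; attacker observes 624 outputs and predicts the rest."""
    victim = random.Random(seed)            # constructed seed, unknown to the attacker
    for _ in range(37):                     # victim already used the generator a bit,
        victim.random()                     # so the leak starts mid-state
    leaked = [victim.getrandbits(32) for _ in range(N)]   # the 624 observations
    clone = MTClone(leaked)
    predicted = {
        "bits": [clone.getrandbits(32) for _ in range(5)],
        "float": clone.random(),
        "pick": clone.choice(items),
    }
    actual = {
        "bits": [victim.getrandbits(32) for _ in range(5)],
        "float": victim.random(),
        "pick": victim.choice(items),
    }
    # The fix for the original question: secrets.choice() reads the OS CSPRNG,
    # whose outputs carry no recoverable internal state.
    secure_pick = secrets.choice(items)
    return predicted, actual, secure_pick


if __name__ == "__main__":
    predicted, actual, secure_pick = demo()
    print("predicted:", predicted)
    print("actual:   ", actual)
    print("prediction correct:", predicted == actual)
    print("secrets.choice() picked:", secure_pick)
```

The untempering works because each tempering step is an XOR with a shifted, masked copy of the word itself, which is a bijection on 32-bit words; the loops simply re-apply the step until the unknown bits have all been filled in from the known ones. Nothing comparable exists for `secrets` / `os.urandom`, which is why the documentation points there for tokens, passwords and anything an adversary must not be able to guess.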