This has been originally published on tomcat.ranta.info on May 21, 2008.
I know I should be hard at work, but… it took only 10 minutes! And sometimes I should really scratch that programming itch when it comes along…
I don’t know about you, but I couldn’t help but think that PRNGs can’t be that bad. Or at least they wouldn’t be this bad in Linux, where timing and attributes of mouse and keyboard activity, disk I/O operations and specific interrupts are used as entropy sources.
So, I wrote my own little test script:
from PIL import Image, ImageColor, ImageDraw
im = Image.new(”RGB”, (512, 512))
draw = ImageDraw.Draw(im)
for y in range(0,512):
for x in range(0,512):
if random.choice([True, False]):
draw.point((x, y), fill=(255,255,255))
The following three pictures were made using this script:
Looks pretty random to me after all. Not at all as bad as the example pic shown in the mentioned article.
There are some things to note though:
- Both the original author and I could have made errors in coding
- Where in Windows, applications specifically need to use the crypto API for “good” random numbers, Python will use randomness sources of the operating system instead of the system time “[i]f randomness sources are provided by the operating system“.
- About the same: “On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom“. I’m not sure PHP does the same thing.
So, maybe don’t take this as the last word on the matter.
However, it’s interesting to note that Linux will in most cases automatically use cryptographically secure randomness, although the downside is that this might use up the entropy pool which won’t be available for “real” cryptographic software afterwards.
blog comments powered by Disqus