我们可以使用集合来获得更多随机性吗?
can we use sets for more randomness?
python 随机模块使用时间作为种子(对吧?),这是可以预测的,集合是随机显示的所以如果我们同时使用集合和随机模块和时间模块,会不会导致更多的随机性?它是不是更不可预测?
这样的代码:
import random
from typing import Union
import time
def get_random_item(iterator: Union[set, list, tuple], seed=None):
iterator = set(iterator)
if seed is None:
seed = time.time() / 10 ** (len(str(int(time.time()))) - 1)
seed = int(((seed ** seed ** random.random() ** random.random()) * (10 ** random.randrange(9, 16))) % len(iterator))
return list(iterator)[seed]
1- 阅读有关随机模块限制的文档:random
Warning
The pseudo-random generators of this module should not be used for
security purposes. For security or cryptographic uses, see the secrets
module.
2- 阅读 secrets
文档(重点是我的):
The secrets module is used for generating cryptographically strong
random numbers suitable for managing data such as passwords, account
authentication, security tokens, and related secrets.
In particular, secrets should be used in preference to the default
pseudo-random number generator in the random module, which is designed
for modelling and simulation, not security or cryptography.
3- 请记住,尝试发明自己的密码学 通常 几乎总是 a bad idea(除非你有专业知识为此)
4-总结
- 不要使用集合来尝试以加密安全的方式提高随机性
- 在需要安全性时使用经过验证的解决方案
python 随机模块使用时间作为种子(对吧?),这是可以预测的,集合是随机显示的所以如果我们同时使用集合和随机模块和时间模块,会不会导致更多的随机性?它是不是更不可预测?
这样的代码:
import random
from typing import Union
import time
def get_random_item(iterator: Union[set, list, tuple], seed=None):
iterator = set(iterator)
if seed is None:
seed = time.time() / 10 ** (len(str(int(time.time()))) - 1)
seed = int(((seed ** seed ** random.random() ** random.random()) * (10 ** random.randrange(9, 16))) % len(iterator))
return list(iterator)[seed]
1- 阅读有关随机模块限制的文档:random
Warning
The pseudo-random generators of this module should not be used for security purposes. For security or cryptographic uses, see the
secrets
module.
2- 阅读 secrets
文档(重点是我的):
The secrets module is used for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets.
In particular, secrets should be used in preference to the default pseudo-random number generator in the random module, which is designed for modelling and simulation, not security or cryptography.
3- 请记住,尝试发明自己的密码学 通常 几乎总是 a bad idea(除非你有专业知识为此)
4-总结
- 不要使用集合来尝试以加密安全的方式提高随机性
- 在需要安全性时使用经过验证的解决方案