> First off, why str(random.random())? This effectively limits entropy
> to 0-9 and a dot.
your use of entropy is a bit odd: str(random.random()) can return 1e12
different strings (which is, afaik, more than the underlying random
number generator can produce).
</F>

> your use of entropy is a bit odd: str(random.random()) can return 1e12
> different strings (which is, afaik, more than the underlying random
> number generator can produce).
Yes, I didn't really communicate my concern.
If you do simple statistical analysis of the bits returned, you'll
quickly notice patterns - and if I understand hashing correctly, there
ought to be better distribution for more varying input (though this
depends on the algorithm.)
However, the str(random.random()) doesn't matter as much as the usage
of get_hexdigest - THAT limits the possible salts to 5 ** 16, while my
proposition limits it to 5 ** 62. That's a difference of
21684043449710088680149056017398681640625000 combinations, unless I
suck at maths (tm).
Ludvig Ericson
ludvig....@gmail.com

Actually, it's the difference between 16 ** 5 and 62 ** 5, which is
only about 900,000,000. But I agree: unless there's some reason to be
using hex numbers, the salt shouldn't be limited like that. Have you
submitted a patch?
-Ian

Oh yeah, of course.
I submitted ticket #9101 with a patch attached, tested the gist of it
on Python 2.3 as well.
Ludvig "toxik" Ericson
ludvig....@gmail.com
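
The 16 ** 5 versus 62 ** 5 comparison from the thread above, worked through as an added example (not code from the thread or from the patch on the ticket). `hex_salt` is an assumed reconstruction of the approach being discussed, with SHA-1 standing in for `get_hexdigest`; `alnum_salt` uses Python's `secrets` module as a stand-in for the proposal, and the birthday-bound collision estimate goes beyond what the thread computes.

```python
import hashlib
import math
import random
import secrets
import string

SALT_LEN = 5  # salt length implied by the 16 ** 5 / 62 ** 5 figures
ALNUM = string.ascii_letters + string.digits  # 62 symbols


def hex_salt(length=SALT_LEN):
    """Assumed shape of the approach under discussion: hash two
    str(random.random()) values and keep the leading hex digits."""
    data = (str(random.random()) + str(random.random())).encode()
    return hashlib.sha1(data).hexdigest()[:length]


def alnum_salt(length=SALT_LEN):
    """Draw each character from 62 symbols using the OS CSPRNG."""
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def salt_space(alphabet_size, length=SALT_LEN):
    """Number of distinct salts of the given length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length=SALT_LEN):
    """Upper bound on salt entropy, assuming uniform characters."""
    return length * math.log2(alphabet_size)


def collision_probability(n_users, space):
    """Birthday approximation: chance that at least two of n_users
    share a salt when salts are uniform over `space` values."""
    return -math.expm1(-n_users * (n_users - 1) / (2 * space))


if __name__ == "__main__":
    for name, size in (("hex", 16), ("alnum", 62)):
        space = salt_space(size)
        print(name, space, round(entropy_bits(size), 1),
              round(collision_probability(10_000, space), 4))
    print(hex_salt(), alnum_salt())
```

With 10,000 accounts, a 5-character hex salt is almost certain to repeat somewhere in the user table, while the 62-symbol alphabet keeps that chance to roughly 5%.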