Steven D'Aprano wrote: > Mike Meyer wrote: >>BSD as well. The key word is "one". While network events don't make a >>good source of random data, proplery combining such sources can create >>good random data. > > <pedant> > > Depends on what you mean by "random". In particular, > the randomness of network events does not follow a > uniform distribution, but then not many things do. > Uniformly distributed random data is what you want for > cryptography. If you are modelling physical events, you > might want some other distribution, e.g. normal (bell > curve), Poisson, exponential, binomial, geometric, > hypergeometric, and so forth. > > I have no idea what distribution data from the Internet > would have, I would imagine it is *extremely* > non-uniform and *very* biased towards certain values > (lots of "<" and ">" I bet, and relatively few "\x03"). > But, for the sake of the argument, if that's the random > distribution that you actually need, then the Internet > would be a good source of randomness.
No, it works just fine as a source of randomness. It does not work as a stream of uniform random bytes, which is a different thing altogether (and to be fair, Mike made that distinction fairly clearly). It's perfectly good as one of many sources to draw on to rekey a cryptographically strong PRNG, though. C.f. http://en.wikipedia.org/wiki/Fortuna_(PRNG) -- Robert Kern [EMAIL PROTECTED] "In the fields of hell where the grass grows high Are the graves of dreams allowed to die." -- Richard Harter -- http://mail.python.org/mailman/listinfo/python-list
