[issue9123] insecure os.urandom on VMS
STINNER Victor
report at bugs.python.org
Fri Apr 13 11:58:31 CEST 2012
STINNER Victor <victor.stinner at gmail.com> added the comment:
> This issue is a security vulnerability.
I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic.
Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers.
By the way, VMS is no more supported in Python 3.3, see the PEP 11:
Name: VMS
Unsupported in: Python 3.3
Code removed in: Python 3.4
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9123>
_______________________________________
More information about the Python-bugs-list
mailing list