[issue21470] Better seeding for the random module

Antoine Pitrou report at bugs.python.org
Sun May 11 03:49:23 CEST 2014


Antoine Pitrou added the comment:

I'm not sure it is good practice to read that many bytes from /dev/urandom. Quoting the Linux man page for /dev/urandom:

       The kernel random-number generator is designed to produce a small amount of
       high-quality seed material to seed a cryptographic pseudo-random number
       generator (CPRNG). It is designed for security, not speed, and is poorly
       suited to generating large amounts of random data. Users should be very
       economical in the amount of seed material that they read from /dev/urandom
       (and /dev/random); unnecessarily reading large quantities of data from this
       device will have a negative impact on other users of the device.

The (default?) entropy pool size under Linux is 4096 bytes, so reading 2500 bytes will deplete more than half of it, IIUC. Example:

$ cat /proc/sys/kernel/random/poolsize 
4096
$ cat /proc/sys/kernel/random/entropy_avail 
516
$ python -c "import os; os.urandom(300)"
$ cat /proc/sys/kernel/random/entropy_avail 
160

----------
nosy: +neologix, pitrou

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21470>
_______________________________________

