[issue30030] Simplify _RandomNameSequence
STINNER Victor
report at bugs.python.org
Thu Apr 20 08:18:33 EDT 2017
STINNER Victor added the comment:
"Generating every name consumes about 16 random bytes. This can exhaust the system entropy and slowdown other applications."
Crys and Alex_Gaynor confirmed me on IRC that these two assumptions are both wrong.
See for example https://www.2uo.de/myths-about-urandom/
Q: But that's good! /dev/random gives out exactly as much randomness as it has entropy in its pool. /dev/urandom will give you insecure random numbers, even though it has long run out of entropy.
A: Fact: No. Even disregarding issues like availability and subsequent manipulation by users, the issue of entropy “running low” is a straw man. About 256 bits of entropy are enough to get computationally secure numbers for a long, long time.
--
About performance, well, it's not exactly "wrong" but "inaccurate". Abusing /dev/urandom only hurt other applications which also abuse /dev/urandom. Such use case is very unlikely.
* The bad performance of concurrent /dev/urandom reader was analyzed by an old article of 2014, but see comments:
http://drsnyder.us/2014/04/16/linux-dev-urandom-and-concurrency.html
* The performance issue was fixed in Linux 4.8, https://github.com/torvalds/linux/commit/1e7f583af67be4ff091d0aeb863c649efd7a9112
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30030>
_______________________________________
More information about the Python-bugs-list
mailing list