[Security-sig] PEP 524: Make os.urandom() blocking on Linux (version 3)
Barry Warsaw
barry at python.org
Fri Jul 29 14:29:42 EDT 2016
On Jul 29, 2016, at 04:21 PM, Victor Stinner wrote:
>The strict minimum is to implement os.getrandom() with a single call,
>*but* retry the getrandom() call if it fails with EINTR and the Python
>signal handler doesn't raise any exception. With this design, we don't
>drop any collected byte. But os.getrandom() should be used with a loop
>at the Python level.
Yes, I'd opt for this. I definitely don't think we should be discarding
entropy, and I think a Python-level loop should be just fine.
Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/security-sig/attachments/20160729/910a3653/attachment.sig>
More information about the Security-SIG
mailing list