[Security-sig] PEP: Make os.urandom() blocking on Linux (version 2)
Victor Stinner
victor.stinner at gmail.com
Fri Jun 24 18:48:08 EDT 2016
2016-06-24 15:38 GMT+02:00 Barry Warsaw <barry at python.org>:
>>Expected usage to write portable code::
>>
>> def my_random(n):
>> if hasattr(os, 'getrandom'):
>> return os.getrandom(n, 0)
>> return os.urandom(n)
>
> I would actually expect that this would be handled in the secrets module, so
> the recommendation would be that most users wouldn't use os.urandom() or
> os.getrandom() unless they specifically wanted the low-level functions and
> knew what they were doing. Thus, "expected usage to write portable code"
> would be to use secrets.token_bytes().
Oh ok. I will update this section.
Victor
More information about the Security-SIG
mailing list