[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
STINNER Victor
report at bugs.python.org
Tue Jun 7 07:53:20 EDT 2016
STINNER Victor added the comment:
Cory Benfield: "For example, random.SystemRandom uses os.urandom to
generate its random numbers. SystemRandom is then used by the secrets
module to generate *its* random numbers. This means that os.urandom
*is* explicitly used by the Python standard library to generate
cryptographically secure random numbers. It was done so in part
expressly because the call to random() could block."
IMHO you should read http://www.2uo.de/myths-about-urandom/ which
explains that the property of blocking or not blocking doesn't matter
for the quality of the RNG. /dev/urandom is good enough to generate
crytographic keys. Can we please stay focused on the *uninitialized
entropy pool* case?
Please see my message:
https://bugs.python.org/issue26839#msg267612
"Reminder: getrandom() feature is specific to Linux. I understand that
all other operating systems don't warn if the urandom entropy pool is
not initialized yet!"
IMHO you are expecting too much from os.urandom(). *If* you consider
that secrets require an initialized entropy pool, IMHO you should help
Stephan to implement a function to retrieve the implementation of
os.urandom() and then take a decision *in the secrets module*. For
example, raise an exception. It's the best way to warn users that
something goes wrong. I don't think that *blocking* is a good choice.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26839>
_______________________________________
More information about the Python-bugs-list
mailing list