[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Stefan Krah
report at bugs.python.org
Tue Jun 7 10:19:10 EDT 2016
Stefan Krah added the comment:
man urandom:
"A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the
entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver.
Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an
attack may exist. If this is a concern in your application, use /dev/random instead."
There was never any guarantee on Linux. Python is a language and not an application. Security checks should be done by applications or better during the OS startup. Any properly configured Linux server will not have a problem, but it is not up to a language implementation to check for that.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26839>
_______________________________________
More information about the Python-bugs-list
mailing list