[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Donald Stufft
report at bugs.python.org
Tue Jun 7 16:07:35 EDT 2016
Donald Stufft added the comment:
> Once this has been done, it will never block again, and happily send you poor random data if the entropy pool has been completely wiped of any entropy data - without telling you.
This doesn't actually happen in real life; once urandom has been initialized, you will never be able to get "poor random" out of it. You will get cryptographically secure random out of it always. *ACTUAL* cryptographers pretty much universally agree on this statement. You can even use them for cryptographic keys, no matter how long it's been since your system booted, as long as the urandom pool has had a chance to initialize.
> Or put differently: Where is the attack vector that blocking behavior of os.urandom() would help remedy?
Someone attempting to use cryptographic random before the urandom pool has been sufficiently initialized to provide said random.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26839>
_______________________________________
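The case raised in the message above (requesting cryptographic random before the urandom pool is initialized) can be detected from Python with `os.getrandom()` and `GRND_NONBLOCK`. The following is an added example, not part of the original message or of CPython; `EntropyNotReady`, `pool_initialized`, `key_bytes` and `simulated_early_boot` are hypothetical names, and `os.getrandom()` is assumed to be available (Linux, Python 3.6+).

```python
import os

# Linux value of GRND_NONBLOCK; os.GRND_NONBLOCK exists on Linux, Python 3.6+.
GRND_NONBLOCK = getattr(os, "GRND_NONBLOCK", 0x0001)


class EntropyNotReady(RuntimeError):
    """Hypothetical error: the kernel urandom pool is not initialized yet."""


def pool_initialized(getrandom=None):
    """True/False if the pool state is known, None if it cannot be queried."""
    getrandom = getrandom or getattr(os, "getrandom", None)
    if getrandom is None:
        return None  # no getrandom(2) wrapper on this platform
    try:
        getrandom(1, GRND_NONBLOCK)
    except BlockingIOError:  # EAGAIN: the call would block, pool not seeded
        return False
    return True


def key_bytes(n, getrandom=None, wait=False):
    """Return n bytes for key material via getrandom(2).

    wait=False raises EntropyNotReady instead of blocking; wait=True blocks
    until the pool is initialized (flags=0).
    """
    getrandom = getrandom or getattr(os, "getrandom", None)
    if getrandom is None:
        return os.urandom(n)  # assumption: platform's os.urandom is adequate
    flags = 0 if wait else GRND_NONBLOCK
    buf = b""
    while len(buf) < n:  # getrandom() may return fewer bytes than requested
        try:
            buf += getrandom(n - len(buf), flags)
        except BlockingIOError:
            raise EntropyNotReady("urandom pool not initialized") from None
    return buf


def simulated_early_boot(size, flags=0):
    """Constructed stand-in for os.getrandom() before the pool is seeded."""
    if flags & GRND_NONBLOCK:
        raise BlockingIOError("simulated EAGAIN")
    return os.urandom(size)


if __name__ == "__main__":
    print("pool initialized:", pool_initialized())
    print("simulated early boot:", pool_initialized(simulated_early_boot))
```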