[issue29790] Optional use of /dev/random on linux
Nick Coghlan
report at bugs.python.org
Sat Mar 11 08:45:18 EST 2017
Nick Coghlan added the comment:
To provide some additional context to that answer: the problem isn't with folks wanting direct access to their hardware entropy devices as such.
There are plenty of options for that (such as exposing it as a file descriptor distinct from both /dev/random and /dev/urandom), but going through /dev/random (or calling "os.getrandom(n, os.GRND_RANDOM)") isn't one of them.
Instead, /dev/random consumes the same kernel CSPRNG that /dev/urandom does, it just adds an extra check to make it block when the kernel's collected entropy estimate happens to be low.
So this isn't something we want to expose or explain to Python users in general - instead, it's something that only folks doing highly specialised work involving hardware security modules might be interested in, and hence can be safely left to third party tools and frameworks, rather than being something that would ever be shipped by default as part of the reference interpreter and standard library.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29790>
_______________________________________
More information about the Python-bugs-list
mailing list