[Python-Dev] Should we use getentropy() for os.urandom()?

Donald Stufft donald at stufft.io
Sat Sep 5 01:29:47 CEST 2015


On September 4, 2015 at 7:08:36 PM, Guido van Rossum (guido at python.org) wrote:
> I'm no expert, but from the bug report and the man page you quoted it does
> sound like getentropy() should only be used to seed a PRNG. It also sounds
> like reading /dev/[u]random should be considered a PRNG. For evidence, the
> man page on OS X says: "The random device produces uniformly distributed
> random byte values of potentially high quality." It goes on to describe the
> difference between the two on Linux (where urandom produces lower quality
> when it runs out of entropy while random apparently blocks). It does sound
> like we should not call getentropy() except to get a good seed for our own
> PRNG.


I don't recall the difference between getentropy and getrandom but
/dev/(u)random are basically the exact same except /dev/random tries to guess
how "random" its numbers are. The manpage for /dev/(u)random is basically
wrong. (See http://www.2uo.de/myths-about-urandom/ and
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/).

Someone who remembers what getentropy implements would have to chime in on
whether we should use it or not, but getrandom is basically a better form of
/dev/urandom.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
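
An added example, not part of the original message or of CPython's code: a Python sketch of what "a better form of /dev/urandom" can look like in practice, preferring the getrandom() system call and falling back to os.urandom(). The helper name `secure_bytes` is hypothetical, and it assumes Python 3.6+ (where `os.getrandom` exists on Linux 3.17+).

```python
import os


def secure_bytes(n):
    """Return (data, source): n bytes from the kernel CSPRNG and the API used."""
    if n < 0:
        raise ValueError("n must be non-negative")

    if hasattr(os, "getrandom"):  # only present on Linux builds
        try:
            buf = bytearray()
            # getrandom() may return fewer bytes than requested,
            # so loop until the buffer is full.
            while len(buf) < n:
                # GRND_NONBLOCK: raise instead of blocking when the
                # kernel pool has not been initialised yet (early boot).
                buf += os.getrandom(n - len(buf), os.GRND_NONBLOCK)
            return bytes(buf), "getrandom"
        except BlockingIOError:
            # Pool not seeded yet. Report it rather than falling back:
            # on Linux a read of /dev/urandom would return output anyway.
            raise RuntimeError("kernel CSPRNG not yet initialised")
        except OSError:
            # e.g. the syscall is unavailable or filtered; use the fallback.
            pass

    # Portable fallback: the interpreter's own kernel-CSPRNG interface.
    return os.urandom(n), "urandom"


if __name__ == "__main__":
    data, source = secure_bytes(32)
    print(source, data.hex())
```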



