[Security-sig] PEP 524: Make os.urandom() blocking on Linux (version 3)
Victor Stinner
victor.stinner at gmail.com
Fri Jul 29 17:37:47 EDT 2016
2016-07-29 20:29 GMT+02:00 Barry Warsaw <barry at python.org>:
>>The strict minimum is to implement os.getrandom() with a single call,
>>*but* retry the getrandom() call if it fails with EINTR and the Python
>>signal handler doesn't raise any exception. With this design, we don't
>>drop any collected byte. But os.getrandom() should be used with a loop
>>at the Python level.
>
> Yes, I'd opt for this. I definitely don't think we should be discarding
> entropy, and I think a Python-level loop should be just fine.
Ok, fine. I will elaborate this part of my PEP next time I will update it :-)
Victor
More information about the Security-SIG
mailing list