<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
On 06/11/2016 12:49 AM, Steven D'Aprano wrote:<br>
</div>
<blockquote cite="mid:20160611074943.GM27919@ando.pearwood.info"
type="cite">
<pre wrap="">Will there be platforms where os.getrandom doesn't exist? If not, then
secrets can just rely on it, otherwise what should it do?
    if hasattr(os, 'getrandom'):
        return os.getrandom(n)
    else:
        # Fail?  Fall back on os.urandom?
</pre>
</blockquote>
<br>
AFAIK:<br>
<ul>
<li>Only Linux and Solaris have getrandom() right now. IIUC
Solaris duplicated Linux's API, but I don't know that for
certain, and I don't know in particular what GRND_RANDOM does on
Solaris. (Of course, you don't need GRND_RANDOM for
secrets.token_bytes().)<br>
</li>
<li>Only Linux and OS X have never-blocking /dev/urandom. On
Linux, you can choose to block by calling getrandom(). On OS X
you have no choice, you can only use the never-blocking
/dev/urandom. (OS X also has a /dev/random but it behaves
identically to /dev/urandom.) OS X's man page reassuringly
claims blocking is never necessary; the blogosphere disagrees.<br>
</li>
</ul>
If I were writing the function for the secrets module, I'd write it
like you have above: call os.getrandom() if it's present, and
os.urandom() if it isn't. I believe that achieves
current-best-practice everywhere: it does the right thing on Linux,
it does the right thing on Solaris, it does the right thing on all
the other OSes where reading from /dev/urandom can block, and it
uses the only facility available to us on OS X.<br>
<br>
<br>
<i>/arry</i><br>
<br>
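<p>An added example, not part of the original message and not the secrets module's code: one way to write the fallback discussed above, using os.getrandom() where present and os.urandom() otherwise. The function name reuse, the injectable <code>getrandom</code>/<code>urandom</code> parameters, the short-read loop and the ENOSYS fallback (Python built with getrandom but running on a kernel without the syscall) are assumptions made for this illustration.</p>

```python
import errno
import os

_UNSET = object()  # sentinel: "look the function up on the os module"


def token_bytes(n, getrandom=_UNSET, urandom=os.urandom):
    """Return n random bytes: os.getrandom() if usable, else os.urandom().

    getrandom and urandom are hypothetical injection points so the
    fallback paths can be exercised on any platform.
    """
    if getrandom is _UNSET:
        # Attribute is absent on platforms without getrandom().
        getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return urandom(n)

    buf = bytearray()
    while len(buf) != n:
        try:
            # Default flags (0): block until the kernel pool is initialised.
            # GRND_RANDOM is not needed for token generation.
            chunk = getrandom(n - len(buf))
        except OSError as exc:
            if exc.errno == errno.ENOSYS:
                # Function exists in this build, but the running kernel
                # has no such syscall: use the only facility available.
                return urandom(n)
            raise  # any other failure is a real error; do not mask it
        # getrandom() may return fewer bytes than requested, so keep going.
        buf += chunk
    return bytes(buf)


if __name__ == "__main__":
    print(token_bytes(16).hex())
```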
</body>
</html>