New submission from Christian Heimes <lists@cheimes.de>: The comment for Python/random.c:_PyOS_URandom() states
Fill buffer with size pseudo-random bytes, not suitable for cryptographic use, from the operating random number generator (RNG).
which is not correct as all paths use a RNG that is suitable for most cryptographic purposes except long living private keys for asymmetric encryption. Also the function isn't documented although it's an official API function and plays a vital role on the new hash randomization. ---------- assignee: docs@python components: Documentation messages: 164218 nosy: christian.heimes, docs@python, haypo, pitrou priority: low severity: normal status: open title: _PyOS_URandom documentation versions: Python 3.3 _______________________________________ Python tracker <report@bugs.python.org> <http://bugs.python.org/issue15213> _______________________________________