On 06/11/2016 12:49 AM, Steven D'Aprano wrote:
Will there be platforms where os.getrandom doesn't exist? If not, then secrets can just rely on it, otherwise what should it do?
if hasattr(os, 'getrandom'): return os.getrandom(n) else: # Fail? Fall back on os.urandom?
AFAIK: * Only Linux and Solaris have getrandom() right now. IIUC Solaris duplicated Linux's API, but I don't know that for certain, and I don't know in particular what GRND_RANDOM does on Solaris. (Of course, you don't need GRND_RANDOM for secrets.token_bytes().) * Only Linux and OS X have never-blocking /dev/urandom. On Linux, you can choose to block by calling getrandom(). On OS X you have no choice, you can only use the never-blocking /dev/urandom. (OS X also has a /dev/random but it behaves identically to /dev/urandom.) OS X's man page reassuringly claims blocking is never necessary; the blogosphere disagrees. If I were writing the function for the secrets module, I'd write it like you have above: call os.getrandom() if it's present, and os.urandom() if it isn't. I believe that achieves current-best-practice everywhere: it does the right thing on Linux, it does the right thing on Solaris, it does the right thing on all the other OSes where reading from /dev/urandom can block, and it uses the only facility available to us on OS X. //arry/