Matthias Andreas Benkard wrote:
At first, I was a bit stunned about the choice of name here. Why would anyone call this method urandom()? That confused me a bit, for, AFAICS, under Linux at least, /dev/random is the entropy pool and /dev/urandom is a PRNG (or rather, a source of random numbers which falls back to a PRNG when the entropy pool runs out of numbers).
That is not true. It doesn't first exhaust the pool and then falls back to PRNG. Instead, it gradually moves to a PRNG, depending on the amount of entropy in the pool. The values returned are still cryptographically secure, except in purely theoretical cases (where a lot of entropy is drawn from random or urandom, and nothing is filled in).
Now I'm really confused. Does os.urandom() use /dev/urandom under Linux?
Yes, it does.
That's what help(os.urandom) says:
urandom(n) -> str Return a string of n random bytes suitable for cryptographic use.
So it should be using /dev/random rather than /dev/urandom, shouldn't it?
No, it shouldn't. /dev/random may block, which os.urandom() will not. The name urandom deliberately tells users that there is a theoretical flaw (which is practically irrelevant). If users cannot stand the theoretical flaw, they need to use /dev/random (which also has theoretical flaws that just happen to be even less practically relevant). In that case a) they have to accept that reading /dev/random might block indefinitely, and b) their code will become more system-dependent. Regards, Martin