
2016-06-23 23:27 GMT+02:00 Victor Stinner <victor.stinner@gmail.com>:
Use Case 1: init script
-----------------------
Use a Python 3 script to initialize the system, like systemd-cron. If the script blocks, the system initialization is stuck too.
The issue #26839 is a good example of this use case.
For me, such a script must not require a secure secret. An application which needs to generate a secure secret must run later, when the system is fully initialized. What do you think?
Use Case 2: web server
----------------------
Run a Python 3 web server serving web pages using HTTP and HTTPS protocols. The server is started as soon as possible.
The first target of the hash DoS attack was web servers: it's important that the hash secret cannot be easily guessed by an attacker.
Maybe I should elaborate on this point to explain that the specific case of the hash secret is more on the practicability side than on the security side. *IMO* reading the non-blocking /dev/urandom is enough for the hash secret. From what I read, even if the system urandom is not considered as initialized, urandom is able to generate "good enough" entropy. So the hash secret is not easily predictable. Maybe I should read Ted Tso's emails to elaborate on this point ;-)
Embedded devices
----------------
A solution for embedded devices is to plug in a hardware RNG.
Honestly, I'm not fully convinced by my own solution :-) I'm not sure that all embedded devices are "extensible".

Victor
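
The split discussed in the message above (a non-blocking read for the hash secret, and deferring secure secrets until the system is initialized) can be sketched as follows. This is an added example, not code from the message or from CPython; the function names `pool_ready`, `hash_seed` and `secure_secret` are hypothetical, and it assumes Linux with `os.getrandom()` (Python 3.6+), using `/dev/urandom` otherwise.

```python
import os


def pool_ready():
    """True/False as reported by the kernel; None if it cannot be queried."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:  # EAGAIN: entropy pool not initialized yet
        return False


def hash_seed(n=16):
    """Seed for something like the hash secret: never blocks (use case 1).

    Returns (seed, source) so callers can log which path was taken.
    """
    if hasattr(os, "getrandom"):
        try:
            return os.getrandom(n, os.GRND_NONBLOCK), "getrandom"
        except BlockingIOError:
            pass  # pool not initialized: read the non-blocking device instead
    buf = b""
    with open("/dev/urandom", "rb", buffering=0) as dev:
        while len(buf) < n:  # tolerate short reads
            buf += dev.read(n - len(buf))
    return buf, "urandom-fallback"


def secure_secret(n=32, wait=False):
    """Secret that must come from an initialized pool (keys, tokens).

    With wait=False the caller is told to run later instead of hanging boot.
    Intended for small n (up to 256 bytes), which getrandom returns in full.
    """
    if pool_ready() is False and not wait:
        raise RuntimeError("entropy pool not initialized; run later")
    if hasattr(os, "getrandom"):
        return os.getrandom(n)  # flags=0: blocks until the pool is initialized
    return os.urandom(n)


if __name__ == "__main__":
    seed, source = hash_seed()
    print("hash seed from", source, "pool ready:", pool_ready())
```

An init script would call only `hash_seed()`; a service that needs key material calls `secure_secret()` and either waits or is scheduled after boot.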