On 22 Jun 2016, at 02:28, Nick Coghlan <ncoghlan@gmail.com> wrote:
Hi folks,
Over the weekend, Nathaniel Smith and I put together a proposal to allow security sensitive APIs (os.urandom, random.SystemRandom and the new secrets module) to throw BlockingIOError if the operating system's random number generator isn't ready.
In general I like this approach. One note inline below.
Limitations on scope --------------------
No changes are proposed for Windows or Mac OS X systems, as neither of those platforms provides any mechanism to run Python code before the operating system random number generator has been initialized. Mac OS X goes so far as to kernel panic and abort the boot process if it can't properly initialize the random number generator (although Apple's restrictions on the supported hardware platforms make that exceedingly unlikely in practice).
Similarly, no changes are proposed for other \*nix systems where ``os.urandom()`` will currently block waiting for the system random number generator to be initialized, rather than returning values that are potentially unsuitable for use in security sensitive applications.
You may want to be careful around this point. Solaris provides a getrandom() syscall as well, that Python *does* use. Furthermore, if other *nix OSes provide a getrandom() syscall then the current Python code will favour it over the urandom fallback: care should be taken to clarify what the expected plan is in these cases. Cory