[docs] [issue27292] Warn users that os.urandom() prior to 3.6 can return insecure values

STINNER Victor report at bugs.python.org
Fri Sep 9 03:01:00 EDT 2016


STINNER Victor added the comment:

> Though I imagine even Python 3.6’s os.urandom() will still fall back to /dev/urandom (with potential entropy problem) on older Linux versions.

Right, but you should be more specific in the doc.

os.urandom() is insecure if and only if:

* getrandom() is not available (ex: Linux < 3.17, or Python built without getrandom() for different reasons) or doesn't work (ex: blocked by a stupid SECCOMP policy, ex: issue #27955)
* and /dev/urandom is not initialized yet which means that:

  - the currently running Python runs very early during the system initialization,
  - the system has no good source of entropy and slow entropy sources, 
  - no entropy was stored on the disk on a previous boot.

What I don't want: a doc warning that "oh hey, os.urandom() is unsafe, don't use it for anything serious".

os.urandom() is always secure on all platforms except Linux. On Linux, it's secure in almost all cases, except in a very few very tiny corner cases.

I proposed something like:

"On Linux, os.urandom() can return weak entropy when /dev/urandom is used internally and the system urandom entropy pool is not initialized yet."

I'm not even sure about "weak entropy" because in most cases, /dev/urandom is already partially initialized with good entropy, but just not enough to consider that it's fully initialized. Linux uses many entropy sources but doesn't trust them, so it doesn't consider that these input data count for the entropy counter.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27292>
_______________________________________
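
The two conditions in the comment above (getrandom() unusable, urandom pool not yet initialized) can be probed on Linux with Python 3.6+. This is an added example, not part of the original message or of CPython. The function name `urandom_pool_state`, its return labels, and the treatment of ENOSYS/EPERM as "getrandom() unusable" are assumptions of the example.

```python
import errno
import os
import sys


def urandom_pool_state(getrandom=None, platform=sys.platform):
    """Classify the host against the two conditions from the comment.

    Returns "not-linux", "initialized", "not-initialized" or
    "getrandom-unavailable". The getrandom and platform parameters are
    injectable so the logic can be exercised without a freshly booted
    machine (hypothetical helper, not a CPython API).
    """
    if not platform.startswith("linux"):
        # The comment states os.urandom() is always secure off Linux.
        return "not-linux"
    if getrandom is None:
        # os.getrandom() exists only on Python 3.6+ built with getrandom().
        getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return "getrandom-unavailable"
    # GRND_NONBLOCK makes the syscall fail with EAGAIN instead of blocking
    # while the kernel pool is still uninitialized.
    flags = getattr(os, "GRND_NONBLOCK", 0x0001)
    try:
        getrandom(1, flags)
    except BlockingIOError:
        # Pool not initialized yet: the /dev/urandom fallback would read
        # from it anyway without waiting.
        return "not-initialized"
    except OSError as exc:
        # Assumption: ENOSYS means a kernel without the syscall (< 3.17),
        # EPERM means a sandbox policy rejected it.
        if exc.errno in (errno.ENOSYS, errno.EPERM):
            return "getrandom-unavailable"
        raise
    return "initialized"


if __name__ == "__main__":
    print(urandom_pool_state())
```

A result of "getrandom-unavailable" means only the first condition holds; whether the pool is initialized cannot be determined through this probe.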

