[New-bugs-announce] [issue27297] Add support for /dev/random to "secrets"
report at bugs.python.org
Sat Jun 11 14:34:35 EDT 2016
New submission from Larry Hastings:
Linux contains two separate sources for random numbers: /dev/urandom and /dev/random. On a reasonably-current Linux box, the urandom(4) man page states:
    As a general rule, /dev/urandom should be used for
    everything except long-lived GPG/SSL/SSH keys.
This seems to suggest that, in the eyes of its implementors, /dev/random returns ever-so-slightly superior random numbers, and that in certain limited circumstances you should prefer those.
AFAICT the secrets module doesn't make use of the /dev/random device on Linux. Should it? (Or, in the likely case that we make the getrandom() function directly callable, should it call getrandom(GRND_RANDOM)?)
p.s. FWIW, Linux's /dev/urandom isn't considered a true CPRNG in all circles. This paper declines to call it simply either a CPRNG or a PRNG, instead christening it with the unfamiliar term "PRNG with entropy inputs".
p.p.s. I went ahead and nosied the "cryptography" "interest category" from the nosy list. Neat!
components: Library (Lib)
nosy: christian.heimes, dstufft, gregory.p.smith, larry, steven.daprano
stage: test needed
title: Add support for /dev/random to "secrets"
versions: Python 3.6
Python tracker <report at bugs.python.org>
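The getrandom(GRND_RANDOM) call asked about in the report above can be reached from Python through os.getrandom() (Linux, Python 3.6+). The sketch below is an added example, not part of the original report and not code from CPython's secrets module; the function name pool_bytes and the fallback policy are assumptions made for illustration.

```python
import os
import secrets


def pool_bytes(n, fallback=True):
    """Draw n bytes from the /dev/random pool via getrandom(GRND_RANDOM).

    Returns (data, source) so the caller can see which source was used.
    GRND_NONBLOCK is set so the call fails fast instead of stalling when
    the kernel reports that the pool would block.
    """
    if hasattr(os, "getrandom"):
        flags = os.GRND_RANDOM | os.GRND_NONBLOCK
        buf = bytearray()
        try:
            while len(buf) < n:
                # getrandom() may return fewer bytes than requested,
                # so keep asking for the remainder.
                buf += os.getrandom(n - len(buf), flags)
            return bytes(buf), "getrandom(GRND_RANDOM)"
        except OSError:
            # BlockingIOError (EAGAIN): the pool would block right now.
            # Other OSError: the syscall is unavailable on this kernel.
            if not fallback:
                raise
    elif not fallback:
        raise NotImplementedError("os.getrandom is not available here")
    # Assumed policy for this example: fall back to the urandom source
    # and report that in the second element of the result.
    return os.urandom(n), "os.urandom"


if __name__ == "__main__":
    key, source = pool_bytes(32)
    print(len(key), "bytes from", source)
    # secrets draws from the os.urandom() source via random.SystemRandom.
    print(len(secrets.token_bytes(32)), "bytes from secrets.token_bytes")
```
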