[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Donald Stufft
report at bugs.python.org
Tue Jun 7 10:09:10 EDT 2016
Donald Stufft added the comment:
> I have no objection to *deliberate* invocations of the system RNG blocking if needed. Presumably this behavior can be codified into the various APIs.
>
> My objection is *entirely* to _PyRandom_Init() calling a potentially-blocking RNG source, before script parsing even begins.
It sounds like we might (somehwat?) be in violent agreement then.
If someone calls os.urandom() (or calls something that causes it to be called, e.g. secrets.py, random.SystemRandom, etc) then they should not get randomness from an un-initialized /dev/urandom by default. I have a preference for blocking until randomness is available, but an exception would be OK too.
I have no problem with the interpreter start up not blocking on entropy because no user invoked code caused that, and the security properties of SipHash that need really good random only really matter for long lived processes that processes a lot of user input-- IOW stuff that's unlikely to be started prior to the pool being initialized.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26839>
_______________________________________
More information about the Python-bugs-list
mailing list