[Python-Dev] Confusion about os.urandom()

Matthias Andreas Benkard mulk at gmx.net
Fri Nov 19 18:55:23 CET 2004


Hello there.

I was just reading through http://www.python.org/2.4/highlights.html and
noticed the following:

    os.urandom() has been added for systems that support a source of
    random data (entropy)

At first, I was a bit stunned about the choice of name here. Why would
anyone call this method urandom()? That confused me a bit, for, AFAICS,
under Linux at least, /dev/random is the entropy pool and /dev/urandom
is a PRNG (or rather, a source of random numbers which falls back to a
PRNG when the entropy pool runs out of numbers). So I would not expect a
method that is supposed to yield cryptographically secure random numbers
to be called `urandom()'.

Anyway, that might be non-intuitive (which is unusual in Python), but
certainly not a severe bug. But then I noticed that if I
rename /dev/urandom to something else (say, /dev/notrandomenough),
os.urandom() (in Python 2.4b2) raises a NotImplementedError:

Python 2.4b2 (#2, Nov 11 2004, 23:44:54)
[GCC 3.3.5 (Debian 1:3.3.5-2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.urandom(1)
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/os.py", line 693, in urandom
    raise NotImplementedError("/dev/urandom (or equivalent) not found")
NotImplementedError: /dev/urandom (or equivalent) not found
>>>

Now I'm really confused. Does os.urandom() use /dev/urandom under Linux?
Either my brain has got a serious bug that makes me misunderstand the
random(4) manpage, which states that "[w]hen read, /dev/urandom device
will return as many bytes as are requested.  As a result, if there is
not sufficient entropy in the entropy pool, the returned values are
theoretically vulnerable to a cryptographic attack on the algorithms
used by the driver", or the implementation of os.urandom() is severely
flawed.

(BTW, I just checked Python 2.4c1. Judging from the source code, it
seems to have the same behaviour.)

That's what help(os.urandom) says:

    urandom(n) -> str
    Return a string of n random bytes suitable for cryptographic use.

So it should be using /dev/random rather than /dev/urandom, shouldn't
it?

- Matthias A. Benkard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.python.org/pipermail/python-dev/attachments/20041119/1a293b22/attachment.pgp


More information about the Python-Dev mailing list