[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Donald Stufft
donald at stufft.io
Thu Jun 9 08:32:02 EDT 2016
> On Jun 9, 2016, at 7:25 AM, Larry Hastings <larry at hastings.org> wrote:
>
> 6) Guido and Tim Peters already decided once that os.urandom() should behave like /dev/urandom.
>
> Issue #25003:
> http://bugs.python.org/issue25003 <http://bugs.python.org/issue25003>
To be exceedingly clear, in this issue the problem wasn’t that os.urandom was
blocking once, early on in the boot process before the kernel had initialized
it’s urandom pool. The problem was that the getentropy() function on Solaris
behaves more like /dev/random does on Linux. This behavior is something that
myself, and most security experts/cryptographers that I know of, think is bad
behavior (and indeed, most OSs have gotten rid of this behavior of /dev/random
and made /dev/random and /dev/urandom behave the same... except again for
Linux).
The ask here isn't to make Linux behave like Solaris did in that issue, it's to
use the newer, better, interface to make Linux use the more secure behavior
that most (all?) of the other modern OSs have already adopted.
—
Donald Stufft
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160609/02603ac5/attachment.html>
More information about the Python-Dev
mailing list