[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
donald at stufft.io
Thu Jun 9 13:22:00 EDT 2016
> On Jun 9, 2016, at 1:14 PM, Steven D'Aprano <steve at pearwood.info> wrote:
> On Thu, Jun 09, 2016 at 12:39:00PM -0400, Donald Stufft wrote:
>> There are three options for what do with os.urandom by default:
>> * Allow it to silently return data that may or may not be
>> cryptographically secure based on what the state of the urandom pool
>> initialization looks like.
> Just to be clear, this is only an option on Linux, right? All the other
> major platforms block, whatever we decide to do on Linux. Including
To my knowledge, all other major platforms block or otherwise ensure that /dev/urandom can never return anything but cryptographically secure random. 
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
 I believe OpenBSD cannot block, but they inject randomness via the boot loader so that the system is never in a state where the kernel doesn’t have enough entropy.
More information about the Python-Dev