[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Donald Stufft donald at stufft.io
Thu Jun 9 13:22:00 EDT 2016

> On Jun 9, 2016, at 1:14 PM, Steven D'Aprano <steve at pearwood.info> wrote:
> On Thu, Jun 09, 2016 at 12:39:00PM -0400, Donald Stufft wrote:
>> There are three options for what do with os.urandom by default:
>> * Allow it to silently return data that may or may not be 
>> cryptographically secure based on what the state of the urandom pool 
>> initialization looks like.
> Just to be clear, this is only an option on Linux, right? All the other 
> major platforms block, whatever we decide to do on Linux. Including 
> Windows?

To my knowledge, all other major platforms block or otherwise ensure that /dev/urandom can never return anything but cryptographically secure random. [1]

> -- 
> Steve
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

[1] I believe OpenBSD cannot block, but they inject randomness via the boot loader so that the system is never in a state where the kernel doesn’t have enough entropy.

Donald Stufft

More information about the Python-Dev mailing list