[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Greg Ewing greg.ewing at canterbury.ac.nz
Thu Jun 9 20:33:16 EDT 2016


Steven D'Aprano wrote:
> - Linux /dev/urandom doesn't block, but it might return predictable, 
>   poor-quality pseudo-random bytes (i.e. a potential exploit);
> 
> - Other OSes may block for potentially many minutes (i.e. a 
>   potential DOS).

It's even possible that it could block *forever*.

There was a case here recently in the cosc dept where students were
running Clojure programs in a virtual machine environment. When
they updated to a newer version of Clojure, everyone's programs
started hanging on startup. It turned out the Clojure library was
initialising its RNG from /dev/random, and the VM didn't have any
real spinning disks or other devices to provide entropy.

-- 
Greg
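
The hang described above can be turned into a bounded wait with an explicit error. The following is an added example, not part of the original post or of any project mentioned in it: it assumes Linux and Python 3.6+ (`os.getrandom` with `os.GRND_NONBLOCK`), and the names `read_seed` and `EntropyNotReady` are hypothetical.

```python
import os
import time


class EntropyNotReady(RuntimeError):
    """The kernel CSPRNG was still unseeded when the deadline passed."""


def read_seed(nbytes=32, timeout=5.0, getrandom=None, sleep=time.sleep):
    """Return nbytes of kernel randomness, or raise instead of hanging.

    getrandom and sleep are injectable so the unseeded-pool case can be
    exercised on a machine whose pool is already initialised.
    """
    if getrandom is None:
        getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        # Platform without os.getrandom(): fall back to os.urandom(), which
        # keeps that platform's own blocking behaviour.
        return os.urandom(nbytes)

    nonblock = getattr(os, "GRND_NONBLOCK", 0x0001)  # Linux value as fallback
    deadline = time.monotonic() + timeout
    buf = b""
    while len(buf) < nbytes:
        try:
            # With GRND_NONBLOCK the call fails with EAGAIN (BlockingIOError)
            # while the pool is unseeded, rather than putting the caller to sleep.
            buf += getrandom(nbytes - len(buf), nonblock)
        except BlockingIOError:
            if time.monotonic() >= deadline:
                raise EntropyNotReady(
                    "kernel RNG not seeded after %.1fs" % timeout)
            sleep(0.1)
    return buf
```

A caller that needs key material at startup can catch `EntropyNotReady` and exit with a clear message, which is easier to diagnose on an entropy-starved VM than a silent hang.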

