[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Guido van Rossum
guido at python.org
Fri Jun 10 00:28:18 EDT 2016
So secrets.py needs an upgrade; it currently uses random.SysRandom.
On Thursday, June 9, 2016, Tim Peters <tim.peters at gmail.com> wrote:
> [Nikolaus Rath]
> >> Aeh, what the tin says is "return random bytes".
>
> [Larry Hastings]
> > What the tin says is "urandom", which has local man pages that dictate
> > exactly how it behaves. On Linux the "urandom" man page says:
> >
> > A read from the /dev/urandom device will not block waiting for more
> entropy.
> > If there is not sufficient entropy, a pseudorandom number generator
> is used
> > to create the requested bytes.
> >
> > os.urandom() needs to behave like that on Linux, which is how it behaved
> in
> > Python 2.4 through 3.4.
>
> I agree (with Larry). If the change hadn't already been made, nobody
> would get anywhere trying to make it now. So best to pretend it was
> never made to begin with ;-)
>
> The tin that _will_ say "return random bytes" in Python will
> be`secrets.token_bytes()`. That's self-evidently (to me) where the
> "possibly block forever" implementation belongs.
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org <javascript:;>
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/guido%40python.org
>
--
--Guido (mobile)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160609/dcabfda7/attachment.html>
More information about the Python-Dev
mailing list