[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

David Mertz mertz at gnosis.cx
Fri Jun 10 15:05:38 EDT 2016


OK.  My understanding is that Guido ruled out introducing an os.getrandom()
API in 3.5.2.  But would you be happy if that interface is added to 3.6?

It feels to me like the correct spelling in 3.6 should probably be
secrets.getrandom() or something related to that.

On Fri, Jun 10, 2016 at 11:55 AM, Donald Stufft <donald at stufft.io> wrote:

> Ok, so you’re looking for how would you replicate the blocking behavior of
> os.urandom that exists in 3.5.0 and 3.5.1?
>
> In that case, it’s hard. I don’t think linux provides any way to
> externally determine if /dev/urandom has been initialized or not. Probably
> the easiest thing to do would be to interface with the getrandom() function
> using a c-ext, CFFI, or ctypes. If you’re looking for a way of doing this
> without calling the getrandom() function.. I believe the answer is you
> can’t.
>
> The closest thing you can get is checking
> the /proc/sys/kernel/random/entropy_avail file, but that tells you how much
> entropy the system currently thinks it has (which will go up and down over
> time) and corresponds to /dev/random on Linux not /dev/urandom.
>
> You could read from /dev/random, but that’s going to randomly block
> outside of the pool initialization whenever the kernel things it doesn’t
> have enough entropy. Cryptographers and security experts alike consider
> this to be pretty stupid behavior and don’t recommend using it because of
> this “randomly block throughout the use of your application” behavior.
>
> So really, out of the recommended solutions you really only have find a
> way to interface with the getrandom() function, or just consume
> /dev/urandom and hope it’s been initialized.
>
>
> On Jun 10, 2016, at 2:43 PM, David Mertz <mertz at gnosis.cx> wrote:
>
> My hypothetical is "Ensure good random bits (on Python 3.5.2 and Linux),
> and block rather than allow bad bits."
>
> I'm not quite sure I understand all of your question, Donald.  On Python
> 3.4—and by BDFL declaration on 3.5.2—os.urandom() *will not* block,
> although it might on 3.5.1.
>
> On Fri, Jun 10, 2016 at 11:33 AM, Donald Stufft <donald at stufft.io> wrote:
>
>>
>> On Jun 10, 2016, at 2:29 PM, David Mertz <mertz at gnosis.cx> wrote:
>>
>> If I *were* someone who needed to write a Linux system initialization
>> script using Python 3.5.2, what would the code look like.  I think for this
>> use case, requiring something with a little bit of "code smell" is fine,
>> but I kinda hope it exists at all.
>>
>>
>> Do you mean if os.urandom blocked and you wanted to call os.urandom from
>> your boot script? Or if os.urandom doesn’t block and you wanted to ensure
>> you got good random numbers on boot?
>>
>>>> Donald Stufft
>>
>>
>>
>>
>
>
> --
> Keeping medicines from the bloodstreams of the sick; food
> from the bellies of the hungry; books from the hands of the
> uneducated; technology from the underdeveloped; and putting
> advocates of freedom in prisons.  Intellectual property is
> to the 21st century what the slave trade was to the 16th.
>
>
>
>> Donald Stufft
>
>
>
>


-- 
Keeping medicines from the bloodstreams of the sick; food
from the bellies of the hungry; books from the hands of the
uneducated; technology from the underdeveloped; and putting
advocates of freedom in prisons.  Intellectual property is
to the 21st century what the slave trade was to the 16th.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160610/b71dc767/attachment-0001.html>


More information about the Python-Dev mailing list