[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Larry Hastings
larry at hastings.org
Sat Jun 11 04:24:15 EDT 2016
On 06/11/2016 12:49 AM, Steven D'Aprano wrote:
> Will there be platforms where os.getrandom doesn't exist? If not, then
> secrets can just rely on it, otherwise what should it do?
>
> if hasattr(os, 'getrandom'):
> return os.getrandom(n)
> else:
> # Fail? Fall back on os.urandom?
AFAIK:
* Only Linux and Solaris have getrandom() right now. IIUC Solaris
duplicated Linux's API, but I don't know that for certain, and I
don't know in particular what GRND_RANDOM does on Solaris. (Of
course, you don't need GRND_RANDOM for secrets.token_bytes().)
* Only Linux and OS X have never-blocking /dev/urandom. On Linux, you
can choose to block by calling getrandom(). On OS X you have no
choice, you can only use the never-blocking /dev/urandom. (OS X
also has a /dev/random but it behaves identically to /dev/urandom.)
OS X's man page reassuringly claims blocking is never necessary; the
blogosphere disagrees.
If I were writing the function for the secrets module, I'd write it like
you have above: call os.getrandom() if it's present, and os.urandom() if
it isn't. I believe that achieves current-best-practice everywhere: it
does the right thing on Linux, it does the right thing on Solaris, it
does the right thing on all the other OSes where reading from
/dev/urandom can block, and it uses the only facility available to us on
OS X.
//arry/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160611/25e47ab8/attachment.html>
More information about the Python-Dev
mailing list