[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Donald Stufft donald at stufft.io
Sat Jun 11 17:16:04 EDT 2016

> On Jun 11, 2016, at 4:48 PM, Guido van Rossum <guido at python.org> wrote:
> But I find an os.getrandom() that only exists on those (few?) platforms that support it a nuisance too -- this just encourages cargo cult code that's unnecessarily complicated and believed to be secure without anybody ever verifying.

Well, new enough Linux has getrandom(0), OpenBSD has getentropy(), Solaris has getrandom(), Windows has CryptGenRandom which all make it possible (or it’s the only way to invoke it) to get cryptographically secure random bytes or block and no in-between. So it’d likely be possible to have os.getrandom() with blocking semantics and no FD on all of the most popular platforms we support.

If we relax the no FD then FreeBSD and OS X also have /dev/random (or /dev/urandom it’s the same thing) which will ensure that you give cryptographically secure random bytes.

Donald Stufft

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160611/231ad990/attachment.html>

More information about the Python-Dev mailing list