[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Ionel Cristian Mărieș
contact at ionelmc.ro
Thu Jun 16 07:27:01 EDT 2016
On Thu, Jun 16, 2016 at 1:04 PM, Donald Stufft <donald at stufft.io> wrote:
> In my opinion, this is a usability issue as well. You have a ton of third
> party documentation and effort around “just use urandom” for Cryptographic
> random which is generally the right (and best!) answer except for this one
> little niggle on a Linux platform where /dev/urandom *may* produce
> predictable bytes (but usually doesn’t).
Why not consider opt-out behavior with environment variables? Eg: people
that don't care about crypto mumbojumbo and want fast interpreter startup
could just use a PYTHONWEAKURANDOM=y or PYTHONFASTURANDOM=y.
That ways there's no need to change api of os.urandom() and users have a
clear and easy path to get old behavior.
-- Ionel Cristian Mărieș, http://blog.ionelmc.ro
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev