Make a unique filesystem path, without creating the file

Marko Rauhamaa marko at pacujo.net
Mon Feb 22 16:22:24 EST 2016


Paul Rubin <no.email at nospam.invalid>:

>>> http://www.2uo.de/myths-about-urandom/
>> Did you post the link because you agreed with the Web pamphlet?
>
> I don't know what web pamphlet you mean,

The only one linked above.

Cryptography is tricky business, indeed. I know enough about it not to
improvise too much. Infinitesimal weaknesses can make a difference
between feasible and unfeasible attacks.

> but the right thing to use now is getrandom(2).

getrandom(2) is a good interface that distinguishes between the flag
values

   0                            =>  /dev/urandom
   GRND_RANDOM                  =>  /dev/random
   GRND_RANDOM | GRND_NONBLOCK  =>  /dev/random (O_NONBLOCK)

However, although os.urandom() delegates to getrandom(), the
documentation suggests it uses the flag value 0 (/dev/urandom).

> The random/urandom interface was poorly designed and misleadingly
> documented.

It could be better I suppose, but I never found it particularly bad. The
nice thing about it is that it is readily usable in shell scripts.


Marko


More information about the Python-list mailing list