[Security-sig] Take a decision for os.urandom() in Python 3.6
Nick Coghlan
ncoghlan at gmail.com
Sat Aug 6 06:14:23 EDT 2016
On 6 August 2016 at 18:46, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On 6 August 2016 at 18:32, Victor Stinner <victor.stinner at gmail.com> wrote:
>> Le 6 août 2016 04:39, "Guido van Rossum" <guido at python.org> a écrit :
>>> 4. Bad code gets cargo-culted (e.g. through StackOverflow).
>>
>>> Re (4): With PEP 524, people worried about blocking may be driven to
>>> unnecessarily write more complicated code using os.getrandom(). With
>>> PEP 522, people worried about crashes may be driven to unnecessarily
>>> call secrets.wait_for_system_rng() or put try/except blocks catching
>>> raise BlockingIOError around all their os.urandom()-based calls.
>>
>> What can we do to reduce this issue? Promote the best recipes in the
>> documentation of the random and/or secrets module? Add Nick's
>> secrets.wait_for_system_rng()?
>
> At the moment, PEP 522 doesn't propose making the secrets API block
> implicitly. I was already starting to have doubts about that, and
> given Guido's feedback, I think I should change it so that it does.
OK, I've made this change now:
https://github.com/python/peps/commit/5392cf9fb86d983b2f06694b742318000ad8bdc2
It turned out to have the nice property of making secrets.token_bytes
a blocking drop-in replacement for os.urandom, so I appended a "; see
secrets.token_bytes()" to the proposed error message. This should make
the "boilerplate" answer either using secrets.token_bytes
unconditionally, or else a backwards compatibility dance to use it if
available, and fall back to os.urandom otherwise.
I also tried to make it more explicit that application frameworks like
Django that can make more assumptions about their use cases can easily
prevent the BlockingIOError from ever coming up by calling
secrets.wait_for_system_rng() when it's available.
Most of the other changes were clearing out references to things that
have already been handled outside the PEP process (i.e. agreeing that
os.getrandom() is useful to expose as a platform feature, agreeing
that SipHash initialisation and random module initialisation shouldn't
wait for the system RNG)
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Security-SIG
mailing list