[Security-sig] PEP 524: Make os.urandom() blocking on Linux (version 3)
Victor Stinner
victor.stinner at gmail.com
Fri Jul 29 12:52:34 EDT 2016
2016-07-29 17:37 GMT+02:00 Nick Coghlan <ncoghlan at gmail.com>:
>> Ok, but imagine that you use the "expensive" GRNG_RANDOM (/dev/random
>> rather than /dev/urandom). A first call returns 4000 bytes of "high
>> quality" random bytes, but user requested 4096 bytes and the second
>> call fails.
>
> I'd say in the non-EINTR case with GRNG_RANDOM it would be reasonable
> to return a short read. So folks using that flag would need a
> Python-level loop, but folks using the kernel's CSPRNG wouldn't.
Do you mean return the 4000 bytes and *ignores* the error?
Victor
More information about the Security-SIG
mailing list