[Security-sig] RFC: PEP: Make os.urandom() blocking on Linux

Barry Warsaw barry at python.org
Tue Jun 21 18:57:09 EDT 2016 

On Jun 21, 2016, at 04:10 PM, Victor Stinner wrote:

>    PEP: xxx
>    Title: Make os.urandom() blocking on Linux
>    Version: $Revision$
>    Last-Modified: $Date$
>    Author: Victor Stinner <victor.stinner at gmail.com>
>    Status: Draft
>    Type: Standards Track
>    Content-Type: text/x-rst
>    Created: 20-June-2016
>    Python-Version: 3.6
[...]
>
>Alternative
>===========

I would like to ask for some changes to this proto-PEP.

At a minimum, I think a proper treatment of the alternative where os.urandom()
remains (on Linux at least) a thin wrapper around /dev/urandom.  We would add
os.getrandom() as the low-level interface to the new C lib function, and
expose any higher level functionality in the secrets module if necessary.
Then we would also add a strong admonition to the documentation explaining the
trade-offs between os.urandom() and os.getrandom() and point people to the
latter for strong crypto use cases.

Your proto-PEP uses this as a rationale:

    Security experts promotes ``os.urandom()`` to genereate cryptographic
    keys, even instead of ``ssl.RAND_bytes()``.

and that's been a commonly cited reason for why strengthening os.urandom() is
preferable to adding a more direct mapping to the underlying function that
provides that strengthened randomness.  If if the assertion is true -and
respectfully, it isn't backed up by any actual citations in the proto-PEP- it
doesn't make it right.  It's also a bad precedence to follow IMHO.  Where do
we draw the line in changing existing APIs to their use or misuse as the case
may be?

We can discuss whether your proposal or my[*] alternative is the right one for
Python to follow, and I may lose that argument, but I think it's only proper
and fair to represent this point of view in this proto-PEP.  I do not think a
separate competing PEP is appropriate.

I should also note that my proposed alternative would make the title
incorrect, so I'd like to suggestion something like: "Providing a
cryptographically strong source of random bytes."

Cheers,
-Barry

[*] Although labeling it "my" gives me undo credit for points of view also
held and suggested by others; it's just a handy way of referring to it.

More information about the Security-SIG mailing list