(original) (raw)

On 06/11/2016 12:49 AM, Steven D'Aprano wrote:

Will there be platforms where os.getrandom doesn't exist? If not, then   
secrets can just rely on it, otherwise what should it do?

if hasattr(os, 'getrandom'):
 return os.getrandom(n)
else:
 # Fail? Fall back on os.urandom?

AFAIK:

Only Linux and Solaris have getrandom() right now.� IIUC
Solaris duplicated Linux's API, but I don't know that for
certain, and I don't know in particular what GRND_RANDOM does on
Solaris.� (Of course, you don't need GRND_RANDOM for
secrets.token_bytes().)

Only Linux and OS X have never-blocking /dev/urandom.� On
Linux, you can choose to block by calling getrandom().� On OS X
you have no choice, you can only use the never-blocking
/dev/urandom.� (OS X also has a /dev/random but it behaves
identically to /dev/urandom.)� OS X's man page reassuringly
claims blocking is never necessary; the blogosphere disagrees.

If I were writing the function for the secrets module, I'd write it
like you have above: call os.getrandom() if it's present, and
os.urandom() if it isn't.� I believe that achieves
current-best-practice everywhere: it does the right thing on Linux,
it does the right thing on Solaris, it does the right thing on all
the other OSes where reading from /dev/urandom can block, and it
uses the only facility available to us on OS X.

/arry