Message 267628 - Python tracker

I agree with Alex here.

The documentation of os.urandom states: "Return a string of n random bytes suitable for cryptographic use." However, the old behavior prior to using the getrandom() call and the behavior with this patch make that documentation a lie. It's now a string of n random bytes that may or may not be suitable for cryptographic use, but we have no idea which one it is.

Nowhere in the documentation of os.urandom does it ever promise it will not block. In fact, on systems like FreeBSD, where their /dev/urandom is better than Linux's, it always blocked on startup because that's just the way their /dev/urandom works.