Message 267648 - Python tracker

Thomas Petazzoni: "The original problem is that Python wants to generate random numbers at startup. Are those random numbers really used for crypto-related activities? I doubt it."

Python randomized hash function and random.Random (Mersenne Twister, instantiated when "import random" is called) don't need high quality random. Poor entropy is enough ;-)

Thomas Petazzoni: "So isn't the proper solution to have two functions, one delivering random numbers that are usable for crypto-related activities, and which would potentially block, and a second one that delivers random numbers that are not appropriate for crypto stuff. This second function can be used at Python startup to replace what is done currently."

Sure, that's the obvious change: I proposed the issue #27250.

I forgot about the new secrets module. I agree that this module must require high-quality entropy.
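
The two-function split discussed in this message, sketched as an added example (not part of the original tracker message and not CPython's implementation). The names `crypto_bytes` and `startup_seed_bytes` and the clock/PID fallback are assumptions made for illustration.

```python
import os
import random
import secrets
import time


def crypto_bytes(n):
    """Bytes for keys, tokens and nonces: kernel CSPRNG only.

    This call is allowed to wait for the kernel entropy pool, because
    returning predictable bytes here would be a security failure.
    """
    return secrets.token_bytes(n)


def startup_seed_bytes(n, getrandom=getattr(os, "getrandom", None)):
    """Bytes for non-security uses (hash randomization, Mersenne Twister seed).

    Must never block interpreter startup. Returns (data, source).
    The getrandom parameter exists so the not-ready case can be simulated.
    """
    flags = getattr(os, "GRND_NONBLOCK", 0x0001)  # Linux value of GRND_NONBLOCK
    if getrandom is not None:
        try:
            data = getrandom(n, flags)
            if len(data) == n:  # a short read is treated like "not ready"
                return data, "getrandom"
        except BlockingIOError:
            pass  # entropy pool not initialized yet: do not wait for it
    # Weak fallback (assumption): clock and PID only, never usable for secrets.
    # An explicit integer seed keeps random.Random from calling os.urandom().
    weak = random.Random(time.time_ns() ^ os.getpid())
    return bytes(weak.getrandbits(8) for _ in range(n)), "weak-fallback"


if __name__ == "__main__":
    seed, source = startup_seed_bytes(16)
    print("startup seed from", source, seed.hex())
    print("token", crypto_bytes(16).hex())
```

Recording the source alongside the seed lets a caller log or assert that weak-fallback material never reaches code that needs secrets.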