| msg316766 - (view) |
Author: Benjamin Peterson (benjamin.peterson) *  |
Date: 2018-05-16 06:05 |
| Why isn't os.urandom sufficient? |
|
|
| msg316767 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2018-05-16 06:23 |
| AFAIK os.urandom is implemented via getentropy() if it is the most preferable source of randomness. See Python/bootstrap_hash.c and PEP 524 for details. |
|
|
| msg316768 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2018-05-16 06:26 |
| "os.getentropy support" David Carlier: Would you mind to elaborate a little bit? This feature request is a little bit short. |
|
|
| msg316775 - (view) |
Author: David Carlier (David Carlier) * |
Date: 2018-05-16 07:34 |
| These are valid point. In fact it was just to have direct access to the function like os.getrandom accesses directly the Linux syscall. But if there is no enough valid reason I can drop this PR. |
|
|
| msg316777 - (view) |
Author: Eitan Adler (eitan.adler) * |
Date: 2018-05-16 07:55 |
| There are few if any valid reasons to make direct use of the syscall from python code. Portable code would have to reimplement most of the logic from `getentropy` in any case. What you're usecase for the direct syscall? |
|
|
| msg316778 - (view) |
Author: David Carlier (David Carlier) * |
Date: 2018-05-16 07:59 |
| To have same usage as I would use getentropy under OpenBSD (e.g. 256 bytes max at a time) really as a wrapper. |
|
|
| msg317079 - (view) |
Author: STINNER Victor (vstinner) * |
Date: 2018-05-19 00:30 |
| I know two main use cases for random numbers: * security: use os.urandom(), secrets and random.SystemRandom * not security: use the random module Exposing os.getentropy() seems like a new non-portable function for the first use case, security. What does it add compared to directly call os.urandom() for example? I chose to expose os.getrandom() for one very specific use case, described in the PEP 524: check if os.urandom() is going to block. On OpenBSD, os.urandom() and getentropy() does never block, so os.getentropy() seems useless to me. OpenBSD design is different: the CSRPNG is feeded from the boot loader. Or tell me if I missed something. |
|
|
| msg317094 - (view) |
Author: David Carlier (David Carlier) * |
Date: 2018-05-19 04:18 |
| Those are valid points honestly. OpenBSD's getentropy works that way indeed (getentropy has also been implemented into FreeBSD in the CURRENT branch couple of months ago). So indeed os.urandom provides already a wrapping usage only this one gives the responsibility to the caller to handle cases when more than 256 bytes at a time. |
|
|
| msg317127 - (view) |
Author: Christian Heimes (christian.heimes) * |
Date: 2018-05-19 16:26 |
| I'm -1 on this feature. It's both confusing and unnecessary to have this feature in the standard library. In general we prefer portable functions or expose platform-specific functions for unique features. The getentropy function is neither portable nor more useful than the high-level wrapper os.urandom(). If you truly require to access the raw function, then you can easily access the libc function with a simple C-types wrapper: >>> from ctypes import cdll, create_string_buffer >>> libc = cdll.LoadLibrary("libc.so.6") >>> buf = create_string_buffer(8) >>> buf.raw b'\x00\x00\x00\x00\x00\x00\x00\x00' >>> libc.getentropy(buf, len(buf)) 0 >>> buf.raw b'\xd9\x83`\x8a\x89\xc7\x9eX' |
|
|