Message 267807 - Python tracker (original) (raw)

So, in short, you don't know.

#25003 is about Solaris, and the reporter clearly had the expectation that /dev/urandom would never block. The documentation on Linux is clear: /dev/urandom will never block. That's two.

This "StackExchange" discussion: http://security.stackexchange.com/questions/42952/how-can-i-measure-and-increase-entropy-on-mac-os-x suggests that the Yarrow-based /dev/random and /dev/urandom on OS X will both degrade to PRNG if insufficient entropy is present. Thus they are are both like /dev/urandom, and neither will ever block.

The salient quote is this, from the random(4) manpage on OS X: "If the SecurityServer system daemon fails for any reason, output quality will suffer over time without any explicit indication from the random device itself."

That sure sounds like bad quality PRNG random bits to me. So that's three.

Again: ISTM that the universal expectation is that /dev/urandom will never block. Therefore os.urandom() should also never block. That it blocks in 3.5.0 and 3.5.1 is a performance regression and should be fixed.