[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Donald Stufft donald at stufft.io
Thu Jun 9 08:32:02 EDT 2016
On Jun 9, 2016, at 7:25 AM, Larry Hastings <larry at hastings.org> wrote:
> 6) Guido and Tim Peters already decided once that os.urandom() should behave like /dev/urandom. Issue #25003: http://bugs.python.org/issue25003

To be exceedingly clear, in this issue the problem wasn’t that os.urandom was blocking once, early on in the boot process before the kernel had initialized its urandom pool. The problem was that the getentropy() function on Solaris behaves more like /dev/random does on Linux. This behavior is something that myself, and most security experts/cryptographers that I know of, think is bad behavior (and indeed, most OSs have gotten rid of this behavior of /dev/random and made /dev/random and /dev/urandom behave the same... except again for Linux).
The ask here isn't to make Linux behave like Solaris did in that issue, it's to use the newer, better, interface to make Linux use the more secure behavior that most (all?) of the other modern OSs have already adopted.
— Donald Stufft
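The distinction drawn in this message (block only until the kernel pool has been seeded once, rather than blocking the way Solaris getentropy() or Linux /dev/random did), sketched in Python as an added example that is not part of the original post. It assumes the "newer, better, interface" is Linux getrandom(2), exposed as os.getrandom() in Python 3.6+; `csprng_state` and `secure_bytes` are hypothetical names.

```python
import errno
import os


def csprng_state():
    """Probe the kernel CSPRNG without blocking.

    Returns "ready", "not-initialized" or "unavailable" (no getrandom()).
    """
    if not hasattr(os, "getrandom"):
        return "unavailable"          # non-Linux platform or old Python
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
    except BlockingIOError:
        # EAGAIN: the pool has never been seeded (typically early boot).
        return "not-initialized"
    except OSError as exc:
        if exc.errno == errno.ENOSYS:  # kernel without the syscall
            return "unavailable"
        raise
    return "ready"


def secure_bytes(n, wait=True):
    """Return n bytes from the kernel CSPRNG.

    wait=True  -> block once until the pool is seeded, never afterwards
    wait=False -> raise BlockingIOError instead of blocking, so the
                  caller decides what to do on an unseeded system
    """
    if csprng_state() == "unavailable":
        # Assumption: fall back to whatever os.urandom() does here.
        return os.urandom(n)
    flags = 0 if wait else os.GRND_NONBLOCK
    out = b""
    while len(out) < n:
        # getrandom() may return fewer bytes than requested.
        out += os.getrandom(n - len(out), flags)
    return out
```
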