[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits? (original) (raw)
Greg Ewing greg.ewing at canterbury.ac.nz
Thu Jun 9 20:33:16 EDT 2016
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Steven D'Aprano wrote:
- Linux /dev/urandom doesn't block, but it might return predictable, poor-quality pseudo-random bytes (i.e. a potential exploit);
- Other OSes may block for potentially many minutes (i.e. a potential DOS).
It's even possible that it could block forever.
There was a case here recently in the cosc dept where students were running Clojure programs in a virtual machine environment. When they updated to a newer version of Clojure, everyone's programs started hanging on startup. It turned out the Clojure library was initialising its RNG from /dev/random, and the VM didn't have any real spinning disks or other devices to provide entropy.
-- Greg
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]