[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Alex Walters tritium-list at sdamon.com
Fri Jun 10 13:05:58 EDT 2016
-----Original Message-----
From: Python-Dev [mailto:python-dev-bounces+tritium-list=sdamon.com at python.org] On Behalf Of Sebastian Krause
Sent: Friday, June 10, 2016 1:01 PM
To: python-dev at python.org
Subject: Re: [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Guido van Rossum <guido at python.org> wrote:
> I just don't like the potentially blocking behavior, and experts' opinions
> seem to widely vary on how insecure the fallback bits really are, how
> likely you are to find yourself in that situation, and how probable an
> exploit would be.

This is not just a theoretical problem being discussed by security experts that could be exploited, there have already been multiple real-life cases of devices (mostly embedded Linux machines) generating predictable SSH keys because they read from an uninitialized /dev/urandom at first boot. Most recently in the Raspbian distribution for the Raspberry Pi:
https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892

At least in 3.6 there should be an obvious way to get random data that always guarantees to be secure and either fails or blocks if it can't guarantee that.

Sebastian

And that should live in the secrets module.
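
As an added illustration (not part of the original message, and not CPython or `secrets` module code), this sketch shows the "either fails or blocks" behaviour requested above, built on Linux's `os.getrandom` with `GRND_NONBLOCK` (available in Python 3.6 and later). `strict_random_bytes`, `EntropyNotReady`, the `source` parameter and `make_early_boot_source` are hypothetical names, and the early-boot source is a constructed simulation of an unseeded pool.

```python
import os
import time


class EntropyNotReady(RuntimeError):
    """Raised when the kernel CSPRNG has not been seeded yet."""


def _kernel_nonblocking(n):
    # Linux getrandom(2) with GRND_NONBLOCK raises BlockingIOError while the
    # pool is uninitialized instead of handing back predictable bytes.
    if not hasattr(os, "getrandom"):
        raise NotImplementedError("os.getrandom is unavailable on this platform")
    return os.getrandom(n, os.GRND_NONBLOCK)


def strict_random_bytes(n, wait=0.0, poll=0.05, source=_kernel_nonblocking):
    """Return n bytes from a seeded CSPRNG, or fail; never fall back.

    wait=0.0 fails at once; wait>0 blocks (by polling) for up to that many
    seconds. `source` is a hypothetical hook used to simulate early boot.
    """
    deadline = time.monotonic() + wait
    out = b""
    while len(out) < n:
        try:
            out += source(n - len(out))  # getrandom may return a short read
        except BlockingIOError:
            if time.monotonic() >= deadline:
                raise EntropyNotReady("kernel entropy pool not initialized") from None
            time.sleep(poll)
    return out


def make_early_boot_source(failures):
    """Constructed stand-in for a freshly booted device: the first `failures`
    calls behave like an unseeded pool, later calls return real random bytes."""
    state = {"left": failures}

    def source(n):
        if state["left"] > 0:
            state["left"] -= 1
            raise BlockingIOError("pool not initialized (simulated)")
        return os.urandom(n)

    return source
```

A key generator that calls `strict_random_bytes(32)` at first boot gets an exception rather than guessable key material; passing `wait=` trades that failure for a bounded block.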