[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits? (original) (raw)

Larry Hastings larry at hastings.org
Fri Jun 10 16:02:44 EDT 2016

On 06/10/2016 11:55 AM, Donald Stufft wrote:

Ok, so you’re looking for how would you replicate the blocking behavior of os.urandom that exists in 3.5.0 and 3.5.1?

In that case, it’s hard. I don’t think linux provides any way to externally determine if /dev/urandom has been initialized or not. Probably the easiest thing to do would be to interface with the getrandom() function using a c-ext, CFFI, or ctypes. If you’re looking for a way of doing this without calling the getrandom() function.. I believe the answer is you can’t.

I'm certain you're correct: you can't perform any operation on /dev/urandom to determine whether or not the urandom device has been initialized. That's one of the reasons why Mr. Ts'o added getrandom()--you can use it to test exactly that (getrandom(GRND_NONBLOCK)).

That's also why I proposed adding os.getrandom() in 3.5.2, to make it possible to block until urandom was initialized (without using ctypes etc as you suggest). However, none of the cryptography guys jumped up and said they wanted it, and in any case it was overruled by Guido, so we're not adding it to 3.5.2.

//arry/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20160610/9646e6c6/attachment.html>

More information about the Python-Dev mailing list