[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits? (original) (raw)
Stefan Krah stefan at bytereef.org
Thu Jun 16 04:19:53 EDT 2016
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nathaniel Smith <njs pobox.com> writes:
In practice, your proposal means that ~all existing code that uses os.urandom becomes incorrect and should be switched to either secrets or random. This is far more churn for end-users than Nick's proposal.
This should only concern code that a) was specifically written for 3.5.0/3.5.1 and b) implements a serious cryptographic application in Python.
I think b) is not a good idea anyway due to timing and side channel attacks and the lack of secure wiping of memory. Such applications should be written in C, where one does not have to predict the behavior of multiple layers of abstractions.
Stefan Krah
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]