[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Nikolaus Rath Nikolaus at rath.org
Thu Jun 16 14:29:04 EDT 2016


On Jun 16 2016, Nick Coghlan <ncoghlan at gmail.com> wrote:

On 16 June 2016 at 09:39, Paul Moore <p.f.moore at gmail.com> wrote:

I'm willing to accept the view of the security experts that there's a problem here. But without a clear explanation of the problem, how can a non-specialist like myself have an opinion? (And I hope the security POV isn't "you don't need an opinion, just do as we say").

If you're not writing Linux (and presumably *BSD) scripts and applications that run during system initialisation or on embedded ARM hardware with no good sources of randomness, then there's zero chance of any change made in relation to this affecting you (Windows and Mac OS X are completely immune, since they don't allow Python scripts to run early enough in the boot sequence for there to ever be a problem).

The only question at hand is what CPython should do in the case where the operating system does let Python scripts run before the system random number generator is ready, and the application calls a security sensitive API that relies on that RNG:

- throw BlockingIOError (so the script developer knows they have a potential problem to fix)
- block (so the script developer has a system hang to debug)
- return low quality random data (so the script developer doesn't even know they have a potential problem)

The last option is the status quo, and has a remarkable number of vocal defenders.

applaud

Best, -Nikolaus

-- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

         »Time flies like an arrow, fruit flies like a Banana.«
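The three options listed in the quoted message, as an added example that is not part of the original thread or of CPython's code. `security_bytes`, `FakeKernelRNG` and `read_urandom_device` are hypothetical names; the fake RNG simulates an unseeded pool so the behaviours can be compared on an already-booted machine, and Linux `getrandom(2)` semantics via `os.getrandom` (Python 3.6+) are assumed.

```python
import os

# Linux getrandom(2) flag; 0x0001 is the Linux value where os lacks the name.
GRND_NONBLOCK = getattr(os, "GRND_NONBLOCK", 0x0001)

class FakeKernelRNG:
    """Constructed stand-in for getrandom(2) early in boot (hypothetical)."""
    def __init__(self, not_ready_calls):
        self.remaining = not_ready_calls  # calls made before the pool is seeded
        self.blocked = False              # True if a caller would have hung

    def __call__(self, size, flags=0):
        if self.remaining > 0:
            self.remaining -= 1
            if flags & GRND_NONBLOCK:
                raise BlockingIOError("kernel RNG not initialised")
            self.blocked = True   # the real call sleeps here until seeded
            self.remaining = 0
        return b"\x42" * size     # constructed filler, not random data

def read_urandom_device(size):
    # Linux /dev/urandom returns data without waiting for the pool to be seeded.
    with open("/dev/urandom", "rb") as dev:
        return dev.read(size)

def security_bytes(size, policy, getrandom=None, weak_source=read_urandom_device):
    """Fetch bytes under one of the three options listed in the message."""
    if policy not in ("raise", "block", "weak"):
        raise ValueError(f"unknown policy: {policy!r}")
    getrandom = getrandom or os.getrandom
    if policy == "block":
        return getrandom(size, 0)          # hangs until the pool is seeded
    try:
        return getrandom(size, GRND_NONBLOCK)
    except BlockingIOError:
        if policy == "raise":
            raise                          # caller sees the problem at once
        return weak_source(size)           # status quo: no signal to the caller
```

Only the "raise" policy gives the caller something to act on: "block" surfaces as a hang and "weak" returns bytes that look like any other result.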

