[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-09-06 Thread Nick Coghlan
Nick Coghlan added the comment: PEP 524 has been implemented for 3.6b1 in #27776, so os.urandom() itself will now do the right thing for cryptographic use cases on Linux. -- resolution: -> rejected stage: -> resolved status: open -> closed type: -> enhancement

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-12 Thread Christian Heimes
Changes by Christian Heimes : -- nosy: -christian.heimes ___ Python tracker ___ ___

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Nick Coghlan
Nick Coghlan added the comment: As with other proposals to add new APIs, I think this is an overreaction to a Linux specific problem. Linux system boot could deadlock with 3.5.0 and 3.5.1 due to: - CPython startup using os.urandom() when it wasn't necessary - systemd invoking a Python script

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: Resources for entropy gathering sources: * Kernel based devices such as /dev/random: https://en.wikipedia.org/wiki//dev/random * EGD - old entropy gathering daemon; blocks when out of entropy http://egd.sourceforge.net/ (not maintained

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Larry Hastings
Larry Hastings added the comment: > * FreeBSD will likely switch to the new Fortuna successor of Yarrow in an > upcoming release: A little more information about that. FreeBSD did a major refactoring of their /dev/urandom (etc) support, which landed in October 2014:

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: Some more resources for FreeBSD: * /dev/random and /dev/urandom (symlink to /dev/random) ma page: https://www.freebsd.org/cgi/man.cgi?query=random=4 * Developer discussion about /dev/random and its future from 2013:

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Christian Heimes
Christian Heimes added the comment: On 2016-06-09 10:30, Marc-Andre Lemburg wrote: > > Marc-Andre Lemburg added the comment: > > On 09.06.2016 10:07, Larry Hastings wrote: >> >> I +1 on new functions that are designated the best-practice places to get >> your pseudo-random numbers. >> >> (IDK

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: On 09.06.2016 10:07, Larry Hastings wrote: > > I +1 on new functions that are designated the best-practice places to get > your pseudo-random numbers. > > (IDK if the best place for both is in random; maybe the crypto one should be > in secrets?) All up

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: Some resources: * getrandom() man page: http://man7.org/linux/man-pages/man2/getrandom.2.html * nice readup on how getrandom() was introduced: https://lwn.net/Articles/606141/ * random devices implementation on Linux:

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Larry Hastings
Larry Hastings added the comment: I +1 on new functions that are designated the best-practice places to get your pseudo-random numbers. (IDK if the best place for both is in random; maybe the crypto one should be in secrets?) To be precise: on most OSes what you're calling "crypto random

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Christian Heimes
Christian Heimes added the comment: -1 os.urandom() is just fine. Let's not confuse users and make it even harder to write secure software. -- nosy: +christian.heimes ___ Python tracker

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
Marc-Andre Lemburg added the comment: Fleshing out the API signatures and implementation details will have to be done in a PEP. The topic is (as all the related ticket show) too complex for discussions on a bug tracker. I just opened this ticket for reference to the idea. --

[issue27279] Add random.cryptorandom() and random.pseudorandom, deprecate os.urandom()

2016-06-09 Thread Marc-Andre Lemburg
New submission from Marc-Andre Lemburg: I propose to deprecate os.urandom() altogether due to all the issues we've discussed on all those recent tickets, see e.g. #26839, #27250, #25420. Unlike what we've told people for many years, it's clear that in the age of VMs/containers getting