Charles-François Natali added the comment:
>> PySSL_RAND_atfork_parent() still uses getpid(). This number is not
>> very random in the *parent* process :-)
>
> That's fine and doesn't diminish the properties of the PRNG. In fact the
> patch could use a hard coded value to perturb the PRNG. It's only
> important to modify the PRNG state of the *parent* process so that
> recycled PIDs of *child* processes don't lead to repeated pseudo-random
> values.
Yeah, it doesn't weaken the PRNG, but since we're using current time
and stack content to reseed it, using the parent PID which doesn't
change doesn't bring much (since we chose to add entropy and not just
a constant, which would be sufficient as you noted).
Anyway, for those interested, here's a reproducer.
----------
Added file: http://bugs.python.org/file31418/test.py
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18747>
_______________________________________
import os
import ssl
import time
def get_random():
return ssl.RAND_bytes(10)
get_random()
refpid = os.fork()
if refpid == 0:
# first child
print("PID: %d, random: %s" % (os.getpid(), get_random()))
os._exit(0)
else:
os.waitpid(refpid, 0)
while True:
pid = os.fork()
if pid == refpid:
os.waitpid(pid, 0)
break
elif pid == 0:
if os.getpid() == refpid:
print("PID: %d, random: %s" % (os.getpid(), get_random()))
os._exit(0)
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
