[issue27292] Warn users that os.urandom() can return insecure values

Sat, 11 Jun 2016 11:07:43 -0700 

Larry Hastings added the comment:

I don't think this is necessary, as the documentation for os.urandom() is 
already pretty good.  Here's the relevant bit:

    This function returns random bytes from an OS-specific randomness
    source. The returned data should be unpredictable enough for
    cryptographic applications, though its exact quality depends on
    the OS implementation. On a Unix-like system this will query
    /dev/urandom, and on Windows it will use CryptGenRandom().

ISTM that the Python documentation doesn't generally indulge in warning users 
about specific shortcomings of particular platforms; if it did it would be 
littered with such warnings.

Personally I'd approve of making the existing statements a little more 
forceful, like pulling it out into a red "warning" box and making it explicit 
that os.urandom() isn't any more sophisticated than the platform-specific 
technologies it uses.  But that's as far as I'd go.  I wouldn't add all the 
specifics you suggest.

Technically I think this actually is my call, as I'm the "platform expert" for 
the posix module:
  https://docs.python.org/devguide/experts.html
But really I think it's the call of the "Documentation Expert" for the relevant 
releases.  This is a stylistic concern--should the Python docs delve into these 
sorts of details?--and that's really the domain of the DE.

Georg Brandl is the DE for all currently-supported versions of Python.  (Well, 
2.7 has no official DE, but I think Georg is de facto DE for that release too.) 
 I've nosied him here; hopefully he can tell us the standard Python doc 
aesthetic when it comes to these sorts of concerns.


By the way, the Raspberry PI does have hardware RNG:
  
http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
It required loading an extra driver, at least as of 2014.  I concede I don't 
know what current crypto best-practices are on the PI.

That's one good reason why I think the Python documentation doesn't indulge in 
these laundry lists of platform failings--such information has a tendency to 
become out-of-date without anyone noticing.

----------
nosy: +georg.brandl

_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue27292>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to