> On Jun 9, 2016, at 7:25 AM, Larry Hastings <la...@hastings.org> wrote:
> 
> 6) Guido and Tim Peters already decided once that os.urandom() should behave 
> like /dev/urandom.
> 
> Issue #25003:
> http://bugs.python.org/issue25003

To be exceedingly clear, in this issue the problem wasn’t that os.urandom was
blocking once, early on in the boot process before the kernel had initialized
its urandom pool. The problem was that the getentropy() function on Solaris
behaves more like /dev/random does on Linux. This behavior is something that
myself, and most security experts/cryptographers that I know of, think is bad
behavior (and indeed, most OSs have gotten rid of this behavior of /dev/random
and made /dev/random and /dev/urandom behave the same... except again for
Linux).

The ask here isn't to make Linux behave like Solaris did in that issue, it's to
use the newer, better, interface to make Linux use the more secure behavior
that most (all?) of the other modern OSs have already adopted.

—
Donald Stufft
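
Added example, not part of the original message or of CPython's own code: a sketch of the behavior asked for above, assuming the "newer, better interface" is Linux's getrandom(2) as exposed by os.getrandom(). It waits only while the kernel pool is unseeded and never afterwards. The helper names pool_initialized and secure_bytes are hypothetical.

```python
import errno
import os


def pool_initialized():
    """Return True/False if the kernel CSPRNG is seeded, None if unknown.

    getrandom(2) with GRND_NONBLOCK fails with EAGAIN (BlockingIOError in
    Python) instead of waiting when the pool has not been initialized yet.
    """
    if not hasattr(os, "getrandom"):       # not Linux, or Python < 3.6
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False
    except OSError as exc:
        if exc.errno == errno.ENOSYS:      # kernel without the syscall
            return None
        raise


def secure_bytes(n):
    """Read n random bytes, waiting only if the pool is not yet seeded."""
    if hasattr(os, "getrandom"):
        try:
            buf = bytearray()
            while len(buf) < n:            # large requests may return short
                buf += os.getrandom(n - len(buf))
            return bytes(buf)
        except OSError as exc:
            if exc.errno != errno.ENOSYS:
                raise
    return os.urandom(n)                   # fallback: platform default


if __name__ == "__main__":
    print("pool initialized:", pool_initialized())
    print("token:", secure_bytes(16).hex())
```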



_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev