Author pitrou
Recipients Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, haypo, jcea, lemburg, merwok, pitrou, terry.reedy
Date 2012-01-05.00:01:01
SpamBayes Score 0.0054202
Marked as misclassified No
Message-id <1325721587.3458.13.camel@localhost.localdomain>
In-reply-to <1325721265.95.0.809609196313.issue13703@psf.upfronthosting.co.za>
Content
> > add PyOS_URandom() using CryptoGen, SSL (only on VMS!!)
> > or /dev/urandom
> 
> Oh, OpenSSL (RAND_pseudo_bytes) should be used on Windows, Linux, Mac
> OS X, etc. if OpenSSL is available.

Apart from the large dependency, the OpenSSL license is not
GPL-compatible which may be a problem for some Python-embedding
applications:
http://en.wikipedia.org/wiki/OpenSSL#Licensing

> > will a fallback on a dummy LCG
> 
> It's the Linear congruent generator (LCG) used by Microsoft Visual C++
> and PHP:
> 
> x(n+1) = (x(n) * 214013 + 2531011) % 2^32
> 
> I only use bits 23..16 (bits 15..0 are not really random).

If PHP uses it, I'm confident it is secure.
History
Date User Action Args
2012-01-05 00:01:03pitrousetrecipients: + pitrou, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, haypo, christian.heimes, benjamin.peterson, merwok, Arfrever, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-05 00:01:02pitroulinkissue13703 messages
2012-01-05 00:01:01pitroucreate