Message 158203 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	adiroiban, loewis, vstinner, zooko
Date	2012-04-13.09:58:30
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>
In-reply-to

Content
> This issue is a security vulnerability. I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic. Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers. By the way, VMS is no more supported in Python 3.3, see the PEP 11: Name: VMS Unsupported in: Python 3.3 Code removed in: Python 3.4

> This issue is a security vulnerability.

I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic.

Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers.

By the way, VMS is no more supported in Python 3.3, see the PEP 11:

    Name:             VMS
    Unsupported in:   Python 3.3
    Code removed in:  Python 3.4

History
Date	User	Action	Args
2012-04-13 09:58:31	vstinner	set	recipients: + vstinner, loewis, zooko, adiroiban
2012-04-13 09:58:31	vstinner	set	messageid: <1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>
2012-04-13 09:58:31	vstinner	link	issue9123 messages
2012-04-13 09:58:30	vstinner	create