Author christian.heimes
Recipients christian.heimes, dstufft, larry, ned.deily, vstinner
Date 2016-06-11.10:07:53
Message-id <1465639674.0.0.865291084778.issue27292@psf.upfronthosting.co.za>
Content
In #26839 os.urandom() was made non-blocking and non-exception-raising on Linux. As a result os.urandom() is no longer a CSPRNG under some conditions as it can and will return predictable random values without any sort of warning or error flag. These conditions are (including but not limited to):

* early boot state
* virtualization without host-passthrough, e.g. virtio-rng
* embedded devices without hardware RNG or RTC, e.g. Raspberry Pi

Please ensure that the documentation properly warns users about these edge cases.

We might also want to add that os.urandom() can block on other platforms, e.g. FreeBSD and OpenBSD.
History
Date                 User              Action  Args
2016-06-11 10:07:54  christian.heimes  set     recipients: + christian.heimes, vstinner, larry, ned.deily, dstufft
2016-06-11 10:07:54  christian.heimes  set     messageid: <1465639674.0.0.865291084778.issue27292@psf.upfronthosting.co.za>
2016-06-11 10:07:53  christian.heimes  link    issue27292 messages
2016-06-11 10:07:53  christian.heimes  create
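
Added example, not part of the original message or of CPython: one way a program can detect the unseeded-pool condition described above before generating key material. It assumes Python 3.6 or later on Linux, where os.getrandom() and os.GRND_NONBLOCK exist; the names kernel_csprng_ready, key_material, EntropyNotReady and the probe parameter are hypothetical.

```python
import os


class EntropyNotReady(RuntimeError):
    """Raised when the kernel CSPRNG is known to be unseeded (hypothetical name)."""


def _linux_probe():
    # getrandom(2) with GRND_NONBLOCK fails with EAGAIN (BlockingIOError in
    # Python) while the kernel entropy pool is still uninitialized.
    os.getrandom(1, os.GRND_NONBLOCK)


def kernel_csprng_ready(probe=None):
    """Return True or False when the seeding state is known, None when it is not.

    `probe` is a hypothetical injection point so the unseeded case can be
    exercised on a machine whose pool is already initialized.
    """
    if probe is None:
        if not hasattr(os, "getrandom"):
            return None  # not Linux, or Python/libc too old to ask the kernel
        probe = _linux_probe
    try:
        probe()
    except BlockingIOError:  # must precede OSError, its base class
        return False
    except OSError:
        return None  # e.g. ENOSYS on an old kernel or a filtered syscall
    return True


def key_material(nbytes, probe=None):
    """Return nbytes from os.urandom(), refusing when the pool is known unseeded."""
    if kernel_csprng_ready(probe) is False:
        raise EntropyNotReady("kernel CSPRNG not initialized; refusing to generate keys")
    return os.urandom(nbytes)


if __name__ == "__main__":
    print("kernel CSPRNG ready:", kernel_csprng_ready())
```

A None result means the state could not be determined on this platform; whether to treat that as acceptable is a policy decision for the caller.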