classification
Title: Misleading warning in random module docs
Type: security Stage: resolved
Components: Documentation Versions: Python 3.3, Python 3.4, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: rhettinger Nosy List: christian.heimes, docs@python, dstufft, ezio.melotti, georg.brandl, pitrou, python-dev, rhettinger, vstinner
Priority: low Keywords:

Created on 2012-10-10 16:13 by christian.heimes, last changed 2013-08-16 18:38 by pitrou. This issue is now closed.

Messages (9)
msg172589 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2012-10-10 16:13
The documentation [1] of the random module contains a misleading warning 

---
Warning: The generators of the random module should not be used for security purposes. Use ssl.RAND_bytes() if you require a cryptographically secure pseudorandom number generator.
---

The warning should point users to os.urandom() and random.SystemRandom rather than ssl.RAND_bytes(). On Linux os.urandom() wraps /dev/urandom [2], on Windows it uses CryptGenRandom() [3]. Both are suitable for most cryptographic purposes except for long-lived keys (SSL, SSH, GPG certs etc.). ssl.RAND_bytes() should only be used for such long-lived data and not for salts, session ids and similar.

I like to see the warning box in Python 2.7, too. It's still the default for docs.python.org. My inquiry is motivated by #16184.

[1] http://docs.python.org/py3k/library/random.html
[2] http://linux.die.net/man/4/urandom
[3] http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx
msg172592 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2012-10-10 16:22
Sure, I'd propose a rewording that mentions both alternatives and when they should be used.
msg172636 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-10-11 12:19
See also the issue #15213 (and the issue #12754).
msg195279 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-15 19:44
Thomas H. Ptacek pointed me to a good explanation: http://security.stackexchange.com/a/3939

TL;DR: Just use /dev/urandom and be happy.
msg195284 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-08-15 20:21
Agreed with a re-wording.
msg195369 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-16 17:21
New changeset 9df0501fab35 by Antoine Pitrou in branch '3.3':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/9df0501fab35

New changeset 04b50a1eb013 by Antoine Pitrou in branch 'default':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/04b50a1eb013

New changeset 48b618a9ad10 by Antoine Pitrou in branch '2.7':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/48b618a9ad10
msg195370 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-08-16 17:22
Done.
msg195390 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-08-16 18:35
Why did you remove reference to ssl.RAND_bytes() on Python 3.3 from the notice?
msg195391 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-08-16 18:38
As far as I understand, os.urandom() is fine for the task. There's no point in mentioning ssl.RAND_bytes() just because it exists, IMO.
History
Date User Action Args
2013-08-16 18:38:47pitrousetmessages: + msg195391
2013-08-16 18:35:05vstinnersetmessages: + msg195390
2013-08-16 17:22:25pitrousetstatus: open -> closed
versions: - Python 3.2
messages: + msg195370

resolution: fixed
stage: needs patch -> resolved
2013-08-16 17:21:35python-devsetnosy: + python-dev
messages: + msg195369
2013-08-16 17:17:34dstufftsetnosy: + dstufft
2013-08-15 20:21:22pitrousetnosy: + pitrou
messages: + msg195284
2013-08-15 19:44:50christian.heimessetmessages: + msg195279
2012-11-09 15:10:20George.Peristerakissetnosy: - George.Peristerakis
2012-11-03 22:15:37George.Peristerakissetnosy: + George.Peristerakis
2012-10-11 12:19:48vstinnersetmessages: + msg172636
2012-10-11 11:10:27ezio.melottisetnosy: + vstinner, ezio.melotti

stage: needs patch
2012-10-11 08:05:33rhettingersetpriority: normal -> low
assignee: docs@python -> rhettinger

components: + Documentation
nosy: + rhettinger
2012-10-10 16:22:35georg.brandlsetnosy: + georg.brandl
messages: + msg172592
2012-10-10 16:13:10christian.heimescreate