classification
Title: Add os.urandom_info
Type: Stage:
Components: Versions: Python 3.6
process
Status: closed Resolution: postponed
Dependencies: Superseder: Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()
View: 27266
Assigned To: Nosy List: alex, christian.heimes, vstinner
Priority: normal Keywords:

Created on 2016-06-07 12:06 by vstinner, last changed 2016-06-08 22:33 by vstinner. This issue is now closed.

Messages (3)
msg267641 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2016-06-07 12:06
It seems like in some cases, you do need to know how os.urandom() generates random numbers. On Linux, using getrandom() to read /dev/urandom in blocking mode or reading from /dev/urandom give a different level of security if the urandom entropy pool is not feeded with enough entropy yet. See the issue #26839 for the background.
msg267659 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-06-07 12:46
+1

How are you planning to handle initialization? Run getentropy() and check if the syscall succeeds?
msg267918 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2016-06-08 22:33
The current trend in the random discussion (see https://haypo-notes.readthedocs.io/pep_random.html and the issue #26839) is more to use weak entropy to start Python (hash seed and random constructor) and os.urandom() blocks until the kernel collected enough entropy. In this case, such information is no more needed. So I close this issue, superseded by the issue #27266.
History
Date User Action Args
2016-06-08 22:33:02vstinnersetstatus: open -> closed
superseder: Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()
resolution: postponed
messages: + msg267918
2016-06-07 12:46:04christian.heimessetnosy: + christian.heimes
messages: + msg267659
2016-06-07 12:22:51alexsetnosy: + alex
2016-06-07 12:06:14vstinnercreate