classification
Title: os.getentropy support
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.8
process
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: Nosy List: David Carlier, benjamin.peterson, christian.heimes, eitan.adler, rhettinger, serhiy.storchaka, vstinner
Priority: normal Keywords:

Created on 2018-05-15 22:08 by David Carlier, last changed 2018-05-20 16:30 by David Carlier. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 6884 closed David Carlier, 2018-05-15 22:08
Messages (9)
msg316766 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-05-16 06:05
Why isn't os.urandom sufficient?
msg316767 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-05-16 06:23
AFAIK os.urandom is implemented via getentropy() if it is the most preferable source of randomness. See Python/bootstrap_hash.c and PEP 524 for details.
msg316768 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2018-05-16 06:26
"os.getentropy support"

David Carlier: Would you mind to elaborate a little bit? This feature request is a little bit short.
msg316775 - (view) Author: David Carlier (David Carlier) * Date: 2018-05-16 07:34
These are valid point. In fact it was just to have direct access to the function like os.getrandom accesses directly the Linux syscall. But if there is no enough valid reason I can drop this PR.
msg316777 - (view) Author: Eitan Adler (eitan.adler) * Date: 2018-05-16 07:55
There are few if any valid reasons to make direct use of the syscall from python code. Portable code would have to reimplement most of the logic from `getentropy` in any case. 

What you're usecase for the direct syscall?
msg316778 - (view) Author: David Carlier (David Carlier) * Date: 2018-05-16 07:59
To have same usage as I would use getentropy under OpenBSD (e.g. 256 bytes max at a time) really as a wrapper.
msg317079 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2018-05-19 00:30
I know two main use cases for random numbers:

* security: use os.urandom(), secrets and random.SystemRandom
* not security: use the random module

Exposing os.getentropy() seems like a new non-portable function for the first use case, security. What does it add compared to directly call os.urandom() for example?

I chose to expose os.getrandom() for one very specific use case, described in the PEP 524: check if os.urandom() is going to block.

On OpenBSD, os.urandom() and getentropy() does never block, so os.getentropy() seems useless to me. OpenBSD design is different: the CSRPNG is feeded from the boot loader. Or tell me if I missed something.
msg317094 - (view) Author: David Carlier (David Carlier) * Date: 2018-05-19 04:18
Those are valid points honestly. OpenBSD's getentropy works that way indeed (getentropy has also been implemented into FreeBSD in the CURRENT branch couple of months ago).
So indeed os.urandom provides already a wrapping usage only this one gives the responsibility to the caller to handle cases when more than 256 bytes at a time.
msg317127 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-05-19 16:26
I'm -1 on this feature.

It's both confusing and unnecessary to have this feature in the standard library. In general we prefer portable functions or expose platform-specific functions for unique features. The getentropy function is neither portable nor more useful than the high-level wrapper os.urandom().

If you truly require to access the raw function, then you can easily access the libc function with a simple C-types wrapper:

>>> from ctypes import cdll, create_string_buffer
>>> libc = cdll.LoadLibrary("libc.so.6") 
>>> buf = create_string_buffer(8)
>>> buf.raw
b'\x00\x00\x00\x00\x00\x00\x00\x00'
>>> libc.getentropy(buf, len(buf))
0
>>> buf.raw
b'\xd9\x83`\x8a\x89\xc7\x9eX'
History
Date User Action Args
2018-05-20 16:30:19David Carliersetstatus: open -> closed
resolution: rejected
stage: resolved
2018-05-19 16:26:42christian.heimessetnosy: + christian.heimes
messages: + msg317127
2018-05-19 04:18:46David Carliersetmessages: + msg317094
2018-05-19 00:30:21vstinnersetmessages: + msg317079
2018-05-16 07:59:25David Carliersetmessages: + msg316778
2018-05-16 07:55:18eitan.adlersetmessages: + msg316777
2018-05-16 07:34:58David Carliersetmessages: + msg316775
2018-05-16 06:26:30eitan.adlersetnosy: + eitan.adler
2018-05-16 06:26:08vstinnersetmessages: + msg316768
2018-05-16 06:23:09serhiy.storchakasetnosy: + rhettinger, vstinner, serhiy.storchaka
messages: + msg316767
2018-05-16 06:05:03benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg316766
2018-05-15 22:08:43David Carliercreate