classification
Title: CPython uses deprecated randomness API
Type: enhancement Stage: resolved
Components: Windows Versions: Python 3.11
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: corona10, graingert, paul.moore, steve.dower, strombrg, tim.golden, tim.peters, zach.ware
Priority: normal Keywords: patch

Created on 2021-07-12 17:16 by strombrg, last changed 2021-07-23 14:04 by corona10. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 27168 merged corona10, 2021-07-15 17:41
Messages (6)
msg397339 - (view) Author: Dan Stromberg (strombrg) Date: 2021-07-12 17:16
CPython 3.9 uses CryptGenRandom(), which has been deprecated by Microsoft.

I'm told the randomness produced by CryptGenRandom() is fine, but Microsoft has introduced a newer API for getting randomness.

For these reasons, Python/bootstrap_hash.c should be updated to use https://docs.microsoft.com/en-us/windows/win32/seccng/cng-por , but it is not urgent, and is not needed in older versions of CPython.

Also the documentation that references CryptGenRandom() should be updated, EG: https://docs.python.org/3/library/os.html#os.urandom
msg397361 - (view) Author: Tim Peters (tim.peters) * (Python committer) Date: 2021-07-12 22:18
Dan, the Microsoft URL in your message gives a 404 for me. Did you perhaps mean to end it with "cng-portal" (instead of "cng-por")?
msg397362 - (view) Author: Thomas Grainger (graingert) * Date: 2021-07-12 22:24
https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal ?
msg397371 - (view) Author: Dan Stromberg (strombrg) Date: 2021-07-13 00:45
Yes, cng-portal.

On Mon, Jul 12, 2021 at 3:24 PM Thomas Grainger <report@bugs.python.org>
wrote:

>
> Thomas Grainger <tagrain@gmail.com> added the comment:
>
> https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal ?
>
> ----------
> nosy: +graingert
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <https://bugs.python.org/issue44611>
> _______________________________________
>

-- 

Dan Stromberg | Senior Software Engineer

Mobile +1.949.342.6502

<https://keepersecurity.com/>

** This email is confidential and is intended for the recipient(s)
addressed herein **
msg397920 - (view) Author: Dong-hee Na (corona10) * (Python committer) Date: 2021-07-21 00:21
@tim.peters

Can you please take a look at GH-27168?
I would like to get your review before merging this PR :)
msg398056 - (view) Author: Dong-hee Na (corona10) * (Python committer) Date: 2021-07-23 14:04
New changeset 906fe47083bc9ab7ed2b70c99c1b0daad021f126 by Dong-hee Na in branch 'main':
bpo-44611: Use BCryptGenRandom instead of CryptGenRandom on Windows (GH-27168)
https://github.com/python/cpython/commit/906fe47083bc9ab7ed2b70c99c1b0daad021f126
History
Date User Action Args
2021-07-23 14:04:46corona10setstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2021-07-23 14:04:38corona10setmessages: + msg398056
2021-07-21 00:21:04corona10setmessages: + msg397920
2021-07-17 05:29:47corona10setpull_requests: - pull_request25742
2021-07-17 05:29:28corona10setpull_requests: + pull_request25742
2021-07-17 05:29:04corona10setpull_requests: - pull_request25740
2021-07-17 05:21:18corona10setpull_requests: + pull_request25740
2021-07-15 17:41:04corona10setkeywords: + patch
stage: patch review
pull_requests: + pull_request25704
2021-07-15 15:37:55corona10setnosy: + corona10
2021-07-13 00:45:24strombrgsetmessages: + msg397371
2021-07-12 22:24:18graingertsetnosy: + graingert
messages: + msg397362
2021-07-12 22:18:52tim.peterssetnosy: + tim.peters
messages: + msg397361
2021-07-12 17:16:33strombrgcreate