This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients adiroiban, loewis, vstinner, zooko
Date 2012-04-13.09:58:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> This issue is a security vulnerability.

I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic.

Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers.

By the way, VMS is no more supported in Python 3.3, see the PEP 11:

    Name:             VMS
    Unsupported in:   Python 3.3
    Code removed in:  Python 3.4
Date User Action Args
2012-04-13 09:58:31vstinnersetrecipients: + vstinner, loewis, zooko, adiroiban
2012-04-13 09:58:31vstinnersetmessageid: <>
2012-04-13 09:58:31vstinnerlinkissue9123 messages
2012-04-13 09:58:30vstinnercreate