Author vstinner
Recipients adiroiban, loewis, vstinner, zooko
Date 2012-04-13.09:58:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>
In-reply-to
Content
> This issue is a security vulnerability.

I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic.

Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers.

By the way, VMS is no more supported in Python 3.3, see the PEP 11:

    Name:             VMS
    Unsupported in:   Python 3.3
    Code removed in:  Python 3.4
History
Date User Action Args
2012-04-13 09:58:31vstinnersetrecipients: + vstinner, loewis, zooko, adiroiban
2012-04-13 09:58:31vstinnersetmessageid: <1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>
2012-04-13 09:58:31vstinnerlinkissue9123 messages
2012-04-13 09:58:30vstinnercreate