Message195351
> Tarek Ziadé added the comment:
>
>> If os.urandom() doesn't fail, something else will fail soon after.
>
> the random pool can be exhausted, but this is not "soon after" I think. In Linux and Mac OS X, ulimit -n defaults to 512 and 256.
It's highly unlikely that you are every going to exhaust the CPRNG to a
point were it is no longer cryptographically secure. Thomas Ptacek
pointed me to http://security.stackexchange.com/a/3939 yesterday.
>> I agree with Antoine. Exhausting the FDs is not the problem,
>
> Do you suggest that we should not use os.urandom on high load ?
>
> Opening an FD on every call sounds under optimal, I am not seeing any drawback not to try to optimize that API.
The drawback is a slightly more complicated implementation that has to
deal with invalid FDs. |
|
Date |
User |
Action |
Args |
2013-08-16 16:26:19 | christian.heimes | set | recipients:
+ christian.heimes, jcea, pitrou, vstinner, tarek, neologix, hynek |
2013-08-16 16:26:19 | christian.heimes | link | issue18756 messages |
2013-08-16 16:26:19 | christian.heimes | create | |
|