Message195364
> In the light of the recent Android issue with PRNGs [1] I don't think
> that Python should roll out its own CPRNG. I'd rather use the operation
> system's CPRNG or OpenSSL's CPRNG. After all we aren't crypto experts.
> I'd rather point my finger to OpenSSL than take the blame for a faulty
> CPRNG.
Yeah, sure.
But it would be nice to have an API similar to the random module (i.e.
a Random ABC, which could have several implementations, among which an
/dev/urandom backed one). The underlying FD lifetime would be tied to
the Random object lifetime, and we couldn't have to open/close it at
each call. |
|
Date |
User |
Action |
Args |
2013-08-16 16:58:47 | neologix | set | recipients:
+ neologix, jcea, pitrou, vstinner, christian.heimes, tarek, hynek |
2013-08-16 16:58:47 | neologix | link | issue18756 messages |
2013-08-16 16:58:47 | neologix | create | |
|