Message195974
I don't get it either. urandom is perfectly fine. I showed that urandom is just a bit slower than SSL_rand().
How about we generalize SystemRandom so users can implement a custom RNG class wby providing a method rng(amount) -> bytes?
Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Seriously, why are we obsessed with performance when talking about a
>security feature? Did anyone *actually* complain about urandom() being
>too slow (ok, someone complained about it eating file descriptors...
>:-))?
>
>The question is whether OpenSSL's random generator produces better
>randomness than the system one: apparently it's not the case under
>Linux, how about other systems?
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue18811>
>_______________________________________ |
|
Date |
User |
Action |
Args |
2013-08-23 14:28:20 | christian.heimes | set | recipients:
+ christian.heimes, rhettinger, pitrou, vstinner, neologix |
2013-08-23 14:28:20 | christian.heimes | link | issue18811 messages |
2013-08-23 14:28:20 | christian.heimes | create | |
|