This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, neologix, pitrou, rhettinger, vstinner
Date 2013-08-23.14:28:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <559ecb7e-b0ba-46ef-ab77-8cdd8ef508fb@email.android.com>
In-reply-to <1377249305.3.0.394670607995.issue18811@psf.upfronthosting.co.za>
Content 
I don't get it either. urandom is perfectly fine. I showed that urandom is just a bit slower than SSL_rand().

How about we generalize SystemRandom so  users can implement a custom RNG class wby providing a method rng(amount) -> bytes?

Antoine Pitrou <report@bugs.python.org> schrieb:
>
>Antoine Pitrou added the comment:
>
>Seriously, why are we obsessed with performance when talking about a
>security feature? Did anyone *actually* complain about urandom() being
>too slow (ok, someone complained about it eating file descriptors...
>:-))?
>
>The question is whether OpenSSL's random generator produces better
>randomness than the system one: apparently it's not the case under
>Linux, how about other systems?
>
>----------
>
>_______________________________________
>Python tracker <report@bugs.python.org>
><http://bugs.python.org/issue18811>
>_______________________________________
History
Date User Action Args
2013-08-23 14:28:20christian.heimessetrecipients: + christian.heimes, rhettinger, pitrou, vstinner, neologix
2013-08-23 14:28:20christian.heimeslinkissue18811 messages
2013-08-23 14:28:20christian.heimescreate