Message241863
IMO it's not a security issue at all. If you have to care about security, you shouldn't use the random module at all. random.SystemRandom() merely uses a CPRNG as entropy source. But It also manipulates numbers in ways that may or may not be safe.
Only os.getrandom() returns unmodified and unbiased random numbers -- iff the operating system provides a proper CPRNG. |
|
Date |
User |
Action |
Args |
2015-04-23 12:07:37 | christian.heimes | set | recipients:
+ christian.heimes, skip.montanaro, rhettinger, mark.dickinson, serhiy.storchaka, gurnec |
2015-04-23 12:07:37 | christian.heimes | set | messageid: <1429790857.19.0.925224154305.issue23974@psf.upfronthosting.co.za> |
2015-04-23 12:07:37 | christian.heimes | link | issue23974 messages |
2015-04-23 12:07:36 | christian.heimes | create | |
|