Message 241863 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, gurnec, mark.dickinson, rhettinger, serhiy.storchaka, skip.montanaro
Date	2015-04-23.12:07:36
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1429790857.19.0.925224154305.issue23974@psf.upfronthosting.co.za>
In-reply-to

Content
IMO it's not a security issue at all. If you have to care about security, you shouldn't use the random module at all. random.SystemRandom() merely uses a CPRNG as entropy source. But It also manipulates numbers in ways that may or may not be safe. Only os.getrandom() returns unmodified and unbiased random numbers -- iff the operating system provides a proper CPRNG.

IMO it's not a security issue at all. If you have to care about security, you shouldn't use the random module at all. random.SystemRandom() merely uses a CPRNG as entropy source. But It also manipulates numbers in ways that may or may not be safe.

Only os.getrandom() returns unmodified and unbiased random numbers -- iff the operating system provides a proper CPRNG.

History
Date	User	Action	Args
2015-04-23 12:07:37	christian.heimes	set	recipients: + christian.heimes, skip.montanaro, rhettinger, mark.dickinson, serhiy.storchaka, gurnec
2015-04-23 12:07:37	christian.heimes	set	messageid: <1429790857.19.0.925224154305.issue23974@psf.upfronthosting.co.za>
2015-04-23 12:07:37	christian.heimes	link	issue23974 messages
2015-04-23 12:07:36	christian.heimes	create