This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Colm Buckley, Lukasa, alex, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane
Date 2016-06-07.12:24:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465302259.51.0.434234223751.issue26839@psf.upfronthosting.co.za>
In-reply-to
Content
Thomas Petazzoni: "The original problem is that Python wants to generate random numbers at *startup*. Are those random numbers really used for crypto-related activities? I doubt it."

Python randomized hash function and random.Random (Mersenne Twister, instanciated when "import random" is called) don't need high quality random. Poor entropy is enough ;-)

Thomas Petazzoni: "So isn't the proper solution to have two functions, one delivering random numbers that are usable for crypto-related activities, and which would potentially block, and a second one that delivers random numbers that are not appropriate for crypto stuff. This second function can be used at Python startup to replace what is done currently."

Sure, that's the obvious change: I proposed the issue #27250.

I forgot about the new secrets module. I agree that *this* module must require high-quality entropy.
History
Date User Action Args
2016-06-07 12:24:19vstinnersetrecipients: + vstinner, lemburg, rhettinger, doko, larry, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni, Colm Buckley
2016-06-07 12:24:19vstinnersetmessageid: <1465302259.51.0.434234223751.issue26839@psf.upfronthosting.co.za>
2016-06-07 12:24:19vstinnerlinkissue26839 messages
2016-06-07 12:24:19vstinnercreate