This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author dstufft
Recipients Colm Buckley, Lukasa, alex, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane
Date 2016-06-07.12:40:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465303232.29.0.991986972079.issue26839@psf.upfronthosting.co.za>
In-reply-to
Content 
(Basically) nobody should ever use /dev/random (and cryptographers agree!). The thing you want to use is /dev/urandom and the fact that /dev/urandom on Linux doesn't block before the pool is initalized has long been considered by cryptographers to be a fairly large flaw. The ``getrandom()`` calls were added explicitly to allow programs to get the correct behavior out of the system random.

For more information see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ or http://www.2uo.de/myths-about-urandom/. The /dev/urandom man page is wrong, and it's wrong for political reasons and because Ted T'so has bad opinions.
History
Date User Action Args
2016-06-07 12:40:32dstufftsetrecipients: + dstufft, lemburg, rhettinger, doko, vstinner, larry, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, Lukasa, thomas-petazzoni, Colm Buckley
2016-06-07 12:40:32dstufftsetmessageid: <1465303232.29.0.991986972079.issue26839@psf.upfronthosting.co.za>
2016-06-07 12:40:32dstufftlinkissue26839 messages
2016-06-07 12:40:32dstufftcreate