On 07.06.2016 14:40, Donald Stufft wrote:
> 
> Donald Stufft added the comment:
> 
> (Basically) nobody should ever use /dev/random (and cryptographers agree!). The thing you want to use is /dev/urandom and the fact that /dev/urandom on Linux doesn't block before the pool is initalized has long been considered by cryptographers to be a fairly large flaw. The ``getrandom()`` calls were added explicitly to allow programs to get the correct behavior out of the system random.

Sounds to me that what you really want is os.getrandom() and not
a change in the implementation of os.urandom().

I think that would be a better solution overall: we get os.getrandom()
with access to all options and have os.urandom be the non-blocking
interface to /dev/urandom it has always been.

> For more information see http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ or http://www.2uo.de/myths-about-urandom/. The /dev/urandom man page is wrong, and it's wrong for political reasons and because Ted T'so has bad opinions.

I'm not sure what you are trying to tell me with those blog
posts or comments. The concept of trying to measure entropy
in an entropy pool is certainly something that people can have
different opinions about, but it's not wrong per-se when you
don't have easy access to a hardware device providing truely
random data (as in the Raspi SoC).

IMO, blocking is never a good strategy, since it doesn't increase
security - in fact, it lowers it because it opens up a denial
of service attack vector. Raising an exception is or providing other
ways of letting the application decide.