This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author skrah
Recipients Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane
Date 2016-06-07.14:19:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465309150.11.0.851073357095.issue26839@psf.upfronthosting.co.za>
In-reply-to
Content 
man urandom:

"A read from the /dev/urandom device will not block waiting for more entropy.  As a result, if there is not sufficient entropy in  the
       entropy  pool,  the  returned  values  are  theoretically  vulnerable to a cryptographic attack on the algorithms used by the driver.
       Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible  that  such  an
       attack may exist.  If this is a concern in your application, use /dev/random instead."


There was never any guarantee on Linux. Python is a language and not an application. Security checks should be done by applications or better during the OS startup.  Any properly configured Linux server will not have a problem, but it is not up to a language implementation to check for that.
History
Date User Action Args
2016-06-07 14:19:10skrahsetrecipients: + skrah, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni, Colm Buckley
2016-06-07 14:19:10skrahsetmessageid: <1465309150.11.0.851073357095.issue26839@psf.upfronthosting.co.za>
2016-06-07 14:19:10skrahlinkissue26839 messages
2016-06-07 14:19:09skrahcreate