This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Colm Buckley
Recipients Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane
Date 2016-06-07.14:43:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Victor -

I see three options for 3.5.2:

* continue with the 3.5.1 behaviour, which blocks all python invocations in low-entropy situations. I think this is highly undesireable.

* apply my patches, which fixes the hash secret initialization but not 'import random'. This at least allows current Debian testing-track systems to boot properly ;)

* attempt to find a solution for #25420 which also addresses this issue. The original patch we submitted fixed both, but has encountered community objections from Donald and others.

The situation we're encountering is that it is *not possible* to use a sound PRNG under certain circumstances - if the system doesn't have entropy, it doesn't have entropy and there's not a lot to be done about it apart from wait.

I posit that an application which uses the random module has higher expectations of unpredictability, and therefore should take userspace measures to ensure entropy availability (as you suggest in msg253163 for example).

Note that the previous behavior (reading /dev/urandom) returns potentially unsafe data (as Donald and others point out). The only resolution to me seems to be modifying the behavior of the random module so that the buffer is initialized lazily (at first use, rather than at module import). This should be relatively straightforward, but I haven't had time to unpick all the logic of to determine The Right Thing. Maybe Raymond can take a look at this?

In summary: I propose that the fix for this issue be implemented using the patches already discussed in this thread, and the fix for #25420 be implemented by modifying

Is this acceptable to everyone?
Date User Action Args
2016-06-07 14:43:43Colm Buckleysetrecipients: + Colm Buckley, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni
2016-06-07 14:43:43Colm Buckleysetmessageid: <>
2016-06-07 14:43:43Colm Buckleylinkissue26839 messages
2016-06-07 14:43:43Colm Buckleycreate