Message267731
> Python hash randomization only happens once. So it's not a matter of how early we try the attack, it's a matter of how early we seed Python hash randomization.
Sorry Larry, I was insufficiently clear (relying on context from earlier). I totally agree that Python startup should not block. I'm saying that having getrandom() called in "blocking mode" for os.urandom, random.SystemRandom, and secrets is not a DoS vector. |
|
Date |
User |
Action |
Args |
2016-06-07 19:12:01 | Lukasa | set | recipients:
+ Lukasa, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, thomas-petazzoni, Colm Buckley |
2016-06-07 19:12:00 | Lukasa | set | messageid: <1465326720.96.0.220308713091.issue26839@psf.upfronthosting.co.za> |
2016-06-07 19:12:00 | Lukasa | link | issue26839 messages |
2016-06-07 19:12:00 | Lukasa | create | |
|