This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Lukasa, alex, christian.heimes, dstufft, lemburg, vstinner
Date 2016-06-08.22:42:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465425723.27.0.0161891620932.issue27250@psf.upfronthosting.co.za>
In-reply-to
Content
IMHO "Should os.urandom() block before the kernel collected enough entropy?" is the last major question in the large discussion around random:
https://haypo-notes.readthedocs.io/pep_random.html#os-urandom

It became clear that Python at startup should use a weak entropy if high-quality entropy is not available (read would block):
https://haypo-notes.readthedocs.io/pep_random.html#python-startup

So Python startup should no more be impacted if os.urandom() blocks or not. In this case, I'm in favor of making os.urandom() the most secure as possible: block until the kernel collected enough entropy. I'm in favor in the issue #27266 instead of this one.

If it is not possible to agree on a solution, I fear that a PEP will be required. I hope that once people understood that the Python startup issue is (no more) unrelated to the behaviour of os.urandom() (block or not), most people will be in favor of making os.urandom() as secure as possible.

See also https://haypo-notes.readthedocs.io/pep_random.html : my summary of the issue #26839.
History
Date User Action Args
2016-06-08 22:42:03vstinnersetrecipients: + vstinner, lemburg, christian.heimes, alex, dstufft, Lukasa
2016-06-08 22:42:03vstinnersetmessageid: <1465425723.27.0.0161891620932.issue27250@psf.upfronthosting.co.za>
2016-06-08 22:42:03vstinnerlinkissue27250 messages
2016-06-08 22:42:03vstinnercreate