Message 267927 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dstufft
Recipients	Theodore Tso, dstufft, larry, vstinner
Date	2016-06-08.23:16:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1465427760.76.0.264990741943.issue27266@psf.upfronthosting.co.za>
In-reply-to

Content
> > there is a lot of code out there using os.urandom for it's security properties > > This is exactly why we should not change the behavior of os.urandom(). os.urandom() must not block on Linux. So defaulting to block=True on Linux is a non-starter. This statement doesn't make any sense to me... you're asserting that because a lot of people are using os.urandom assuming it's going to give them cryptographically secure random numbers... we shouldn't change the implementation of this function to assure that they are going to get cryptographically secure random numbers?

> > there is a lot of code out there using os.urandom for it's security properties
>
> This is exactly why we should not change the behavior of os.urandom().  os.urandom() must not block on Linux.  So defaulting to block=True on Linux is a non-starter.

This statement doesn't make any sense to me... you're asserting that because a lot of people are using os.urandom assuming it's going to give them cryptographically secure random numbers... we shouldn't change the implementation of this function to assure that they are going to get cryptographically secure random numbers?

History
Date	User	Action	Args
2016-06-08 23:16:00	dstufft	set	recipients: + dstufft, vstinner, larry, Theodore Tso
2016-06-08 23:16:00	dstufft	set	messageid: <1465427760.76.0.264990741943.issue27266@psf.upfronthosting.co.za>
2016-06-08 23:16:00	dstufft	link	issue27266 messages
2016-06-08 23:16:00	dstufft	create