Author dstufft
Recipients Theodore Tso, dstufft, larry, ncoghlan, vstinner
Date 2016-06-09.00:14:26
Message-id <1465431267.53.0.00472501418062.issue27266@psf.upfronthosting.co.za>
Content
Python should strive to do the right thing, and the right thing for something as security sensitive as accessing a CSPRNG is to use the interface that most strongly promises to, in fact, give cryptographically secure random numbers. Obsessing over the purity of matching /dev/urandom because the function happens to be called os.urandom is only making Python more dangerous to use.

This is exactly the kind of change like making urllib validate HTTPS by default: it doesn't matter what you document something as behaving, what matters is how people use it and what the expectations are of the average user. The nice thing about this change is that the downside is massively smaller than that urllib change, because it's basically not going to negatively affect the vast vast bulk of people.

I think this is doubly so since getting the behavior you desire on Linux is trivial to do regardless of what os.urandom does, by using the code snippet that Nick pasted.

Larry, I'm sorry but I think you're just flat wrong here and I don't know what else to say about it. Since you're the RM for 3.5 and you've made it clear you're against the behavior I'm advocating for, I'm going to respect your decision on that and I'm not going to pursue getting it into 3.5, however I am going to pursue getting it into 3.6.
History
Date User Action Args
2016-06-09 00:14:27 dstufft set recipients: + dstufft, ncoghlan, vstinner, larry, Theodore Tso
2016-06-09 00:14:27 dstufft set messageid: <1465431267.53.0.00472501418062.issue27266@psf.upfronthosting.co.za>
2016-06-09 00:14:27 dstufft link issue27266 messages
2016-06-09 00:14:26 dstufft create