Message 267966 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	martin.panter
Recipients	Theodore Tso, dstufft, larry, martin.panter, ncoghlan, vstinner
Date	2016-06-09.07:31:26
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1465457486.59.0.377843930058.issue27266@psf.upfronthosting.co.za>
In-reply-to

Content
I dislike the “block” term for a different reason: it suggests raising EAGAIN (= BlockingIOError). But the proposal here is actually to generate data with low entropy. In the long term, it sounds like two separate functions is the way to go. I would prefer os.urandom() to retain its 3.5.1 behaviour introduced by Issue 22181: wait for sufficient entropy. This would be consistent with other platforms. It can continue to be used by SystemRandom, secrets, etc. The documentation should be clarified to say that os.urandom() either returns data that is supposed to be “unpredictable enough for cryptographic applications”, blocks waiting for entropy, or raises an NotImplementedError if an OS API (e.g. /dev/urandom) is missing. The other function, say os.urandom_even_with_low_entropy(), would work like the old os.urandom() on Linux. On platforms like Free BSD, I guess it could fall back to the os.urandom() that waits for entropy. “Import random” would be changed to try this function. I wonder what we should do on Linux if /dev/urandom is unavailable and getrandom() would block. Probably raise NotImplementedError without waiting for entropy.

I dislike the “block” term for a different reason: it suggests raising EAGAIN (= BlockingIOError). But the proposal here is actually to generate data with low entropy.

In the long term, it sounds like two separate functions is the way to go. I would prefer os.urandom() to retain its 3.5.1 behaviour introduced by Issue 22181: wait for sufficient entropy. This would be consistent with other platforms. It can continue to be used by SystemRandom, secrets, etc. The documentation should be clarified to say that os.urandom() either returns data that is supposed to be “unpredictable enough for cryptographic applications”, blocks waiting for entropy, or raises an NotImplementedError if an OS API (e.g. /dev/urandom) is missing.

The other function, say os.urandom_even_with_low_entropy(), would work like the old os.urandom() on Linux. On platforms like Free BSD, I guess it could fall back to the os.urandom() that waits for entropy. “Import random” would be changed to try this function.

I wonder what we should do on Linux if /dev/urandom is unavailable and getrandom() would block. Probably raise NotImplementedError without waiting for entropy.

History
Date	User	Action	Args
2016-06-09 07:31:26	martin.panter	set	recipients: + martin.panter, ncoghlan, vstinner, larry, dstufft, Theodore Tso
2016-06-09 07:31:26	martin.panter	set	messageid: <1465457486.59.0.377843930058.issue27266@psf.upfronthosting.co.za>
2016-06-09 07:31:26	martin.panter	link	issue27266 messages
2016-06-09 07:31:26	martin.panter	create