Author ncoghlan
Recipients Decorater, ncoghlan, python-dev, vstinner
Date 2016-08-20.17:54:45
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1471715685.7.0.732724793745.issue27776@psf.upfronthosting.co.za>
In-reply-to
Content
+1 for a fallback in the SIPHash initialisation as well.

That's the case where Nathaniel Smith suggested we may want to issue a warning that the process shouldn't be used to handle untrusted inputs (since that particular remote DoS defence won't be working properly), but the monotonic time + the PID should be sufficiently unpredictable seeding for that case (since there are plenty of lower hanging fruit for attackers to go after).

For testing, is there some way we could integrate an automated test of the deliberately misbehaving _PyOS_UrandomNonBlock into the testembed helper? If we can come up with a sensible way to do that, it could potentially help with testing the os.getrandom() BlockingIOError generation as well.
History
Date User Action Args
2016-08-20 17:54:45ncoghlansetrecipients: + ncoghlan, vstinner, python-dev, Decorater
2016-08-20 17:54:45ncoghlansetmessageid: <1471715685.7.0.732724793745.issue27776@psf.upfronthosting.co.za>
2016-08-20 17:54:45ncoghlanlinkissue27776 messages
2016-08-20 17:54:45ncoghlancreate