Message 158203 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	vstinner
Recipients	adiroiban, loewis, vstinner, zooko
Date	2012年04月13日.09:58:30
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>

Content
> This issue is a security vulnerability. I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic. Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers. By the way, VMS is no more supported in Python 3.3, see the PEP 11: Name: VMS Unsupported in: Python 3.3 Code removed in: Python 3.4

Content

> This issue is a security vulnerability.
I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic.
Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers.
By the way, VMS is no more supported in Python 3.3, see the PEP 11:
 Name: VMS
 Unsupported in: Python 3.3
 Code removed in: Python 3.4

History
Date	User	Action	Args
2012年04月13日 09:58:31	vstinner	set	recipients: + vstinner, loewis, zooko, adiroiban
2012年04月13日 09:58:31	vstinner	set	messageid: <1334311111.61.0.0949501405666.issue9123@psf.upfronthosting.co.za>
2012年04月13日 09:58:31	vstinner	link	issue9123 messages
2012年04月13日 09:58:30	vstinner	create

homepage