Message267648
| Author |
vstinner |
| Recipients |
Colm Buckley, Lukasa, alex, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date |
2016年06月07日.12:24:19 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1465302259.51.0.434234223751.issue26839@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Thomas Petazzoni: "The original problem is that Python wants to generate random numbers at *startup*. Are those random numbers really used for crypto-related activities? I doubt it."
Python randomized hash function and random.Random (Mersenne Twister, instanciated when "import random" is called) don't need high quality random. Poor entropy is enough ;-)
Thomas Petazzoni: "So isn't the proper solution to have two functions, one delivering random numbers that are usable for crypto-related activities, and which would potentially block, and a second one that delivers random numbers that are not appropriate for crypto stuff. This second function can be used at Python startup to replace what is done currently."
Sure, that's the obvious change: I proposed the issue #27250.
I forgot about the new secrets module. I agree that *this* module must require high-quality entropy. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2016年06月07日 12:24:19 | vstinner | set | recipients:
+ vstinner, lemburg, rhettinger, doko, larry, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni, Colm Buckley |
| 2016年06月07日 12:24:19 | vstinner | set | messageid: <1465302259.51.0.434234223751.issue26839@psf.upfronthosting.co.za> |
| 2016年06月07日 12:24:19 | vstinner | link | issue26839 messages |
| 2016年06月07日 12:24:19 | vstinner | create |
|