Message267669
| Author |
dstufft |
| Recipients |
Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date |
2016年06月07日.13:40:16 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1465306816.36.0.672099930394.issue26839@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
> My personal preference would be for os.urandom(n) to favor non-blocking operation over cryptographic security, and either add os.random() or add an optional parameter to os.urandom() to make the opposite trade-off.
Insecure by default is very rarely the right trade off. There are thousands of projects using ``os.urandom()`` already assuming it's going to give them cryptographically strong numbers. If we want a "maybe random" function or option, then it should be the new thing, not the other way around.
I have no problem with SipHash using a possibly insecure random so that Python can start up quickly even in the face of an unitialized urandom on Linux. I do have a problem with infecting every single call to os.urandom with that same choice.
> The current behavior is that Python *will not start at all* if getrandom() blocks (because the hash secret initialization fails).
It starts jsut fine, it just can possible takes awhile. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2016年06月07日 13:40:16 | dstufft | set | recipients:
+ dstufft, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, Lukasa, thomas-petazzoni, Colm Buckley |
| 2016年06月07日 13:40:16 | dstufft | set | messageid: <1465306816.36.0.672099930394.issue26839@psf.upfronthosting.co.za> |
| 2016年06月07日 13:40:16 | dstufft | link | issue26839 messages |
| 2016年06月07日 13:40:16 | dstufft | create |
|