Message267682
| Author |
skrah |
| Recipients |
Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date |
2016年06月07日.14:19:09 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1465309150.11.0.851073357095.issue26839@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
man urandom:
"A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the
entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver.
Knowledge of how to do this is not available in the current unclassified literature, but it is theoretically possible that such an
attack may exist. If this is a concern in your application, use /dev/random instead."
There was never any guarantee on Linux. Python is a language and not an application. Security checks should be done by applications or better during the OS startup. Any properly configured Linux server will not have a problem, but it is not up to a language implementation to check for that. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2016年06月07日 14:19:10 | skrah | set | recipients:
+ skrah, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni, Colm Buckley |
| 2016年06月07日 14:19:10 | skrah | set | messageid: <1465309150.11.0.851073357095.issue26839@psf.upfronthosting.co.za> |
| 2016年06月07日 14:19:10 | skrah | link | issue26839 messages |
| 2016年06月07日 14:19:09 | skrah | create |
|