On 06/11/2016 12:49 AM, Steven D'Aprano wrote:
Will there be platforms where os.getrandom doesn't exist? If not, then
secrets can just rely on it, otherwise what should it do?
if hasattr(os, 'getrandom'):
return os.getrandom(n)
else:
# Fail? Fall back on os.urandom?
AFAIK:
* Only Linux and Solaris have getrandom() right now. IIUC Solaris
duplicated Linux's API, but I don't know that for certain, and I
don't know in particular what GRND_RANDOM does on Solaris. (Of
course, you don't need GRND_RANDOM for secrets.token_bytes().)
* Only Linux and OS X have never-blocking /dev/urandom. On Linux, you
can choose to block by calling getrandom(). On OS X you have no
choice, you can only use the never-blocking /dev/urandom. (OS X
also has a /dev/random but it behaves identically to /dev/urandom.)
OS X's man page reassuringly claims blocking is never necessary; the
blogosphere disagrees.
If I were writing the function for the secrets module, I'd write it like
you have above: call os.getrandom() if it's present, and os.urandom() if
it isn't. I believe that achieves current-best-practice everywhere: it
does the right thing on Linux, it does the right thing on Solaris, it
does the right thing on all the other OSes where reading from
/dev/urandom can block, and it uses the only facility available to us on
OS X.
//arry/
_______________________________________________
Python-Dev mailing list
[email protected]
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com