Donald Stufft added the comment:
haypo: It's been suggested by a number of security professionals that using the
OpenSSL random (or really any random) instead of urandom is likely to be a
smarter idea. The likelyhood that urandom is broken is far less than any other
source of random. This can be seen in the recent issues on the Android
platform. This is not to say that there's a reason to believe that OpenSSL is
broken currently, but that the chances are higher for it to be than
/dev/urandom. An example of when this happened was
http://www.debian.org/security/2008/dsa-1571.
There's no reason to believe that OpenSSL is wrong right now, but the chances
of OpenSSL being wrong are greater than the chances of /dev/urandom being
There's been a few threads on twitter about it in light of the Android
SecureRandom issue (don't need to read these, just here for reference):
- https://twitter.com/tqbf/status/368089082800246784
- https://twitter.com/tqbf/status/367793231808843777
- https://twitter.com/tqbf/status/368089362333827072
I don't think it actually matters if os.urandom or random.SystemRandom is the
preferred interface that keeps the FD open but I do believe there should be one
implementation that will use the OS source of random and maintain a persistent
FD.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue18756>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
