Nick Coghlan added the comment: On modern Intel chips, one of the entropy sources is the CPU itself, and so this problem is mostly theoretical on such systems unless you're worried about the quality of Intel's entropy generation (in which case you're well and truly into sovereign espionage and advanced persistent threat territory, and really shouldn't be blindly trusting operating systems and programming language runtimes to already be doing the right thing).
So the main ways to get bad entropy from /dev/urandom on Linux are: - a misconfigured VM that has been cut off from all decent entropy sources, and doesn't have any persistent storage attached - an embedded non-Intel chip that doesn't have any decent entropy sources or persistent storage attached If you're not doing either of those things, you're probably fine. If you're worried that you might be, try running Python 3.6 and calling os.getrandom() explicitly to see what happens. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27292> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
