STINNER Victor added the comment:

> Please ensure that the documentation properly warns users about these edge 
> cases.

I disagree. I don't think that the Python documentation is the right place to 
document the security level of system urandom.

It's just a mess, there are so many corner cases and it's very hard to provide 
a clear explanation for end users.

I suggest to keep the positive "suitable for cryptographic use". If you change 
this sentence, I only expect that users will use something WORSE. For example 
"os.urandom is not secure! we must use ssl.RAND_bytes!". No. Don't do that, 
ssl.RAND_bytes() has its own set of issues, like two processes with the same 
pid producing the same random sequence... (old known issue, very hard to fix)

Python cannot workaround OS limitations, we can only do our best to use the 
most secure source of entropy. That's why Python 3.5 now uses getrandom() on 
Linux. That's why Python 3.6 now calls getrandom() in blocking mode.


Python tracker <>
Python-bugs-list mailing list

Reply via email to