Nick Coghlan added the comment:

With the 3.6 os.urandom() implementation doing the right thing consistently 
cross-platform, our guidance for folks that care about the quality of the 
CSPRNG they use should be that they either upgrade to that version, or else 
ensure that the kernel CSPRNG is properly seeded before they run Python.

That is, I think the tone we're aiming for in the older docs now should be 
"You're using an older Python version, so if this problem description worries 
you, you need to either upgrade or else take the necessary steps to satisfy 
yourself that your host system's CSPRNG is properly configured", rather than 
the more passive "os.urandom() isn't necessarily secure" (with minimal guidance 
on what to do about it) that we've previously adopted.


Python tracker <>
Python-bugs-list mailing list

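One way to carry out the "ensure the kernel CSPRNG is properly seeded before running Python" step on an older interpreter, as an added example that is not part of the original message or of CPython. It assumes Linux with a libc that exports `getrandom()` (for example glibc 2.25 or later); the names `classify` and `kernel_csprng_seeded` are hypothetical.

```python
import ctypes
import errno
import sys

GRND_NONBLOCK = 0x0001  # flag value from <linux/random.h>


def classify(ret, err):
    """Map a 1-byte getrandom(2) result to True (seeded), False (not yet
    seeded) or None (cannot tell, e.g. ENOSYS on a kernel without the call)."""
    if ret == 1:
        return True
    if err == errno.EAGAIN:
        # With GRND_NONBLOCK the kernel fails with EAGAIN instead of
        # blocking while its CSPRNG has not been initialized.
        return False
    return None


def kernel_csprng_seeded():
    """Ask the kernel, without blocking, whether its CSPRNG is initialized.

    Goes through ctypes so it also runs on interpreters that predate
    os.getrandom(). Returns None where libc has no getrandom symbol.
    """
    try:
        libc = ctypes.CDLL(None, use_errno=True)
        getrandom = libc.getrandom
    except (OSError, AttributeError, TypeError):
        return None
    getrandom.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint]
    getrandom.restype = ctypes.c_ssize_t
    buf = ctypes.create_string_buffer(1)
    ctypes.set_errno(0)
    ret = getrandom(buf, 1, GRND_NONBLOCK)
    return classify(ret, ctypes.get_errno())


if __name__ == "__main__":
    state = kernel_csprng_seeded()
    label = {True: "seeded", False: "NOT seeded", None: "unknown"}[state]
    print("kernel CSPRNG: " + label)
    # A non-zero exit lets a boot script hold back key generation until
    # the pool is ready.
    sys.exit(1 if state is False else 0)
```

Run as a pre-flight step in early-boot or first-start scripts, before anything calls `os.urandom()` to generate long-lived keys.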