On 06/09/2016 03:22 PM, Larry Hastings wrote:
> On 06/09/2016 08:52 AM, Guido van Rossum wrote:
>> That leaves direct calls to os.urandom(). I don't think this should
>> block either.
>
> Then it's you and me against the rest of the world ;-)
> Okay, it's decided: os.urandom() must be changed for 3.5.2 to never
> block on a getrandom() call.

One way to not block is to raise an exception. Since this is such a
rare occurrence anyway I don't see this being a problem, plus it keeps
everybody mostly happy: normal users won't see it hang, crypto-folk
won't see vulnerable-from-this-cause-by-default machines, and those
running Python early in the boot sequence will have something they can
figure out, plus an existing knob to work around it [hashseed, I think?].

> As a concession to [the crypto experts], I propose adding a simple!
> predictable! function to Python 3.5.2: os.getrandom().

This would be unnecessary if we go the exception route.

> And the implementation of os.getrandom() should be
> very straightforward, and its semantics will mirror the native call, so
> I'm pretty confident we can get it solid in a couple of days, though we
> might slip 3.5.2rc1 by a day or two.

I would think the exception route would also not take very long to make
solid.

Okay, I'll shut up now. ;)
--
~Ethan~
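
The "exception route" discussed in this message, as an added example that is not code from the thread or from CPython: a wrapper that asks the kernel for random bytes without blocking and raises if the entropy pool is not yet initialised. `urandom_or_raise` and `EntropyNotReady` are hypothetical names; the code assumes `os.getrandom()` and `os.GRND_NONBLOCK` as exposed by Python 3.6+ on Linux, and the source is injectable so the early-boot case can be simulated.

```python
import errno
import os


class EntropyNotReady(RuntimeError):
    """Hypothetical error: the kernel CSPRNG has not been seeded yet."""


def urandom_or_raise(n, getrandom=None):
    """Return n bytes from the kernel CSPRNG, or raise instead of blocking.

    getrandom is injectable (assumption for this example) so the
    not-yet-seeded case can be simulated; default is os.getrandom.
    """
    if getrandom is None:
        getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        # Platform without getrandom(): os.urandom() is the only source.
        return os.urandom(n)
    flag = getattr(os, "GRND_NONBLOCK", 0x0001)  # Linux value of the flag
    out = bytearray()
    while len(out) < n:
        try:
            # getrandom() may return fewer bytes than requested.
            chunk = getrandom(n - len(out), flag)
        except BlockingIOError as exc:
            # EAGAIN: pool not initialised. Fail loudly rather than hang
            # or silently hand back weaker output.
            raise EntropyNotReady("kernel entropy pool not initialised") from exc
        except InterruptedError:
            continue  # interrupted by a signal, retry
        except OSError as exc:
            if exc.errno == errno.ENOSYS:  # kernel lacks the syscall
                return os.urandom(n)
            raise
        out += chunk
    return bytes(out)
```
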
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev