> -----Original Message-----
> From: Python-Dev [mailto:python-dev-bounces+tritium-
> list=sdamon....@python.org] On Behalf Of Sebastian Krause
> Sent: Friday, June 10, 2016 1:01 PM
> To: python-dev@python.org
> Subject: Re: [Python-Dev] BDFL ruling request: should we block forever
> waiting for high-quality random bits?
>
> Guido van Rossum <gu...@python.org> wrote:
> > I just don't like the potentially blocking behavior, and experts' opinions
> > seem to widely vary on how insecure the fallback bits really are, how
> > likely you are to find yourself in that situation, and how probable an
> > exploit would be.
>
> This is not just a theoretical problem being discussed by security
> experts that *could* be exploited, there have already been multiple
> real-life cases of devices (mostly embedded Linux machines)
> generating predictable SSH keys because they read from an
> uninitialized /dev/urandom at first boot. Most recently in the
> Raspbian distribution for the Raspberry Pi:
> https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892
>
> At least in 3.6 there should be an obvious way to get random data that
> *always* guarantees to be secure and either fails or blocks if it
> can't guarantee that.
>
> Sebastian
And that should live in the secrets module.
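Added example, not code from this thread or from CPython: a sketch of the "either fails or blocks" behavior requested above, built on os.getrandom() (Python 3.6+, Linux with getrandom(2)). The names strict_random_bytes and EntropyNotReady and the timeout, poll, getrandom and sleep parameters are hypothetical, chosen for illustration.

```python
import os
import time

# os.GRND_NONBLOCK exists on Python 3.6+ where the kernel has getrandom(2);
# 0x0001 is the Linux value, used here only so the module imports elsewhere.
GRND_NONBLOCK = getattr(os, "GRND_NONBLOCK", 0x0001)


class EntropyNotReady(RuntimeError):
    """The kernel CSPRNG has not been seeded yet (hypothetical exception)."""


def strict_random_bytes(n, timeout=0.0, getrandom=None, sleep=time.sleep, poll=0.05):
    """Return n bytes from a seeded kernel CSPRNG, or fail. No fallback bits.

    timeout=0.0  -> raise EntropyNotReady at once if the pool is unseeded
    timeout=None -> block until the pool has been seeded
    timeout=x    -> poll for up to about x seconds, then raise
    """
    if getrandom is None:
        getrandom = getattr(os, "getrandom", None)
        if getrandom is None:
            raise NotImplementedError("os.getrandom() is not available here")
    flags = 0 if timeout is None else GRND_NONBLOCK
    out = bytearray()
    waited = 0.0
    while len(out) < n:
        try:
            # flags=0 blocks only until the pool is first initialized;
            # GRND_NONBLOCK raises BlockingIOError (EAGAIN) instead.
            chunk = getrandom(n - len(out), flags)
        except BlockingIOError:
            if timeout is not None and waited >= timeout:
                raise EntropyNotReady("kernel CSPRNG not yet seeded") from None
            sleep(poll)
            waited += poll
            continue
        out += chunk  # a single call may return fewer bytes than requested
    return bytes(out)


if __name__ == "__main__":
    # Fail-fast mode: on a freshly booted, unseeded machine this raises
    # rather than producing key material from an uninitialized pool.
    print(strict_random_bytes(32).hex())
```

A caller generating long-lived keys at first boot would pick timeout=None or a bounded wait; a caller that must never stall would keep the default and handle EntropyNotReady.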