Donald Stufft writes:

 > I guess one question would be, what does the secrets module do if
 > it’s on a Linux that is too old to have getrandom(0), off the top
 > of my head I can think of:
 > 
 > * Silently fall back to reading os.urandom and hope that it’s been
 >   seeded.
 > * Fall back to os.urandom and hope that it’s been seeded and add a
 >   SecurityWarning or something like it to mention that it’s
 >   falling back to os.urandom and it may be getting predictable
 >   random from /dev/urandom.
 > * Hard fail because it can’t guarantee secure cryptographic
 >   random.

I'm going to hide behind the Linux manpage (which actually suggests
saving the data in a file to speed initialization at boot) in
mentioning this:

* if random_initialized_timestamp_pre_boot():
      r = open("/dev/random", "rb")
      u = open("/dev/urandom", "wb")
      u.write(r.read(enough_bytes))
      set_random_initialized_timestamp()
  # in theory, secrets can now use os.urandom
