Donald Stufft writes:

 > I guess one question would be, what does the secrets module do if
 > it’s on a Linux that is too old to have getrandom(0), off the top
 > of my head I can think of:
 >
 > * Silently fall back to reading os.urandom and hope that it’s been
 >   seeded.
 > * Fall back to os.urandom and hope that it’s been seeded and add a
 >   SecurityWarning or something like it to mention that it’s
 >   falling back to os.urandom and it may be getting predictable
 >   random from /dev/urandom.
 > * Hard fail because it can’t guarantee secure cryptographic
 >   random.

I'm going to hide behind the Linux manpage (which actually suggests
saving the data in a file to speed initialization at boot) in
mentioning this:

* if random_initialized_timestamp_pre_boot():
      r = open("/dev/random", "rb")
      u = open("/dev/urandom", "wb")
      u.write(r.read(enough_bytes))
      set_random_initialized_timestamp()
  # in theory, secrets can now use os.urandom

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
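
Added example, not part of the original message and not the secrets module's code: the three fallback options from the quoted list, written as one function so their behaviour on a kernel without getrandom() can be compared. The names random_bytes, SecurityWarning (as a class), the policy labels and the injectable getrandom parameter are assumptions made for illustration.

```python
import errno
import os
import warnings


class SecurityWarning(RuntimeWarning):
    """Hypothetical category; only the name comes from the quoted message."""


def random_bytes(n, policy="fail", getrandom=getattr(os, "getrandom", None)):
    """Return n random bytes, applying one of the three quoted fallback options.

    policy    -- "silent", "warn" or "fail" (hypothetical labels for the options)
    getrandom -- injectable so a pre-getrandom() kernel can be simulated;
                 os.getrandom may be absent from the os module entirely
    """
    if policy not in ("silent", "warn", "fail"):
        raise ValueError("unknown policy: %r" % (policy,))
    if getrandom is not None:
        try:
            buf = b""
            while len(buf) < n:
                # flags=0 blocks until the kernel pool is initialized, and a
                # single call may return fewer bytes than requested
                buf += getrandom(n - len(buf), 0)
            return buf
        except OSError as exc:
            # ENOSYS: Python was built with getrandom() but the running
            # kernel lacks the syscall; anything else is a real error
            if exc.errno != errno.ENOSYS:
                raise
    if policy == "fail":
        raise RuntimeError("getrandom() unavailable; cannot guarantee seeded output")
    if policy == "warn":
        warnings.warn("getrandom() unavailable; falling back to os.urandom, "
                      "which may not be seeded yet", SecurityWarning, stacklevel=2)
    # On a kernel without getrandom(), os.urandom reads /dev/urandom
    return os.urandom(n)
```

Passing getrandom=None simulates the old-kernel case without needing such a system.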