[Python-Dev] Re: [slightly OT] cryptographically strong random.SystemRandom()

[Wes Turner]

FWIW, here is what https://cryptography.io has re: random (/? rng python
cryptography)

```rst
Random number generation


When generating random data for use in cryptographic operations, such as an
initialization vector for encryption in
:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not
want to use the standard :mod:`random` module APIs. This is because they do
not
provide a cryptographically secure random number generator, which can
result in
major security issues depending on the algorithms in use.

Therefore, it is our recommendation to `always use your operating system's
provided random number generator`_, which is available as
:func:`os.urandom`.
For example, if you need 16 bytes of random data for an initialization
vector,
you can obtain them with:

.. doctest::

>>> import os
>>> iv = os.urandom(16)

This will use ``/dev/urandom`` on UNIX platforms, and ``CryptGenRandom`` on
Windows.

If you need your random number as an integer (for example, for
:meth:`~cryptography.x509.CertificateBuilder.serial_number`), you can use
``int.from_bytes`` to convert the result of ``os.urandom``:

.. code-block:: pycon

>>> serial = int.from_bytes(os.urandom(20), byteorder="big")

Starting with Python 3.6 the `standard library includes`_ the ``secrets``
module, which can be used for generating cryptographically secure random
numbers, with specific helpers for text-based formats.

.. _`always use your operating system's provided random number generator`:
https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
.. _`standard library includes`:
https://docs.python.org/3/library/secrets.html
```

- https://docs.python.org/3/library/random.html
- https://docs.python.org/3/library/random.html#random.SystemRandom
  - https://docs.python.org/3/library/os.html#os.urandom (see below for the
docs)
- https://docs.python.org/3/library/secrets.html
-
https://numpy.org/doc/stable/reference/random/generator.html#simple-random-data
-
https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete.html#discrete-distributions-in-scipy-stats
  -
https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete_randint.html
- https://docs.python.org/3/library/os.html#os.urandom :

```rst
Random numbers
--


.. function:: getrandom(size, flags=0)

   Get up to *size* random bytes. The function can return less bytes than
   requested.

   These bytes can be used to seed user-space random number generators or
for
   cryptographic purposes.

   ``getrandom()`` relies on entropy gathered from device drivers and other
   sources of environmental noise. Unnecessarily reading large quantities of
   data will have a negative impact on  other users  of the ``/dev/random``
and
   ``/dev/urandom`` devices.

   The flags argument is a bit mask that can contain zero or more of the
   following values ORed together: :py:data:`os.GRND_RANDOM` and
   :py:data:`GRND_NONBLOCK`.

   See also the `Linux getrandom() manual page
   `_.

   .. availability:: Linux 3.17 and newer.

   .. versionadded:: 3.6

.. function:: urandom(size)

   Return a string of *size* random bytes suitable for cryptographic use.

   This function returns random bytes from an OS-specific randomness
source.  The
   returned data should be unpredictable enough for cryptographic
applications,
   though its exact quality depends on the OS implementation.

   On Linux, if the ``getrandom()`` syscall is available, it is used in
   blocking mode: block until the system urandom entropy pool is initialized
   (128 bits of entropy are collected by the kernel). See the :pep:`524` for
   the rationale. On Linux, the :func:`getrandom` function can be used to
get
   random bytes in non-blocking mode (using the :data:`GRND_NONBLOCK` flag)
or
   to poll until the system urandom entropy pool is initialized.

   On a Unix-like system, random bytes are read from the ``/dev/urandom``
   device. If the ``/dev/urandom`` device is not available or not readable,
the
   :exc:`NotImplementedError` exception is raised.

   On Windows, it will use ``CryptGenRandom()``.

   .. seealso::
  The :mod:`secrets` module provides higher level functions. For an
  easy-to-use interface to the random number generator provided by your
  platform, please see :class:`random.SystemRandom`.

   .. versionchanged:: 3.6.0
  On Linux, ``getrandom()`` is now used in blocking mode to increase the
  security.

   .. versionchanged:: 3.5.2
  On Linux, if the ``getrandom()`` syscall blocks (the urandom entropy
pool
  is not initialized yet), fall back on reading ``/dev/urandom``.

   .. versionchanged:: 3.5
  On Linux 3.17 and newer, the ``getrandom()`` syscall is now used
  when available.  On OpenBSD 5.6 and newer, the C ``getentropy()``
  function is now used. These functions avoid the usage of an internal
file
  descriptor.

.. data:: GRND_NONB

[Python-Dev] Re: [slightly OT] cryptographically strong random.SystemRandom()

[Wes Turner]

* Citation: https://cryptography.io/en/latest/random-numbers/

On Sat, Jul 10, 2021 at 7:53 PM Wes Turner  wrote:

> FWIW, here is what https://cryptography.io has re: random (/? rng python
> cryptography)
>
> ```rst
> Random number generation
> 
>
> When generating random data for use in cryptographic operations, such as an
> initialization vector for encryption in
> :class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not
> want to use the standard :mod:`random` module APIs. This is because they
> do not
> provide a cryptographically secure random number generator, which can
> result in
> major security issues depending on the algorithms in use.
>
> Therefore, it is our recommendation to `always use your operating system's
> provided random number generator`_, which is available as
> :func:`os.urandom`.
> For example, if you need 16 bytes of random data for an initialization
> vector,
> you can obtain them with:
>
> .. doctest::
>
> >>> import os
> >>> iv = os.urandom(16)
>
> This will use ``/dev/urandom`` on UNIX platforms, and ``CryptGenRandom`` on
> Windows.
>
> If you need your random number as an integer (for example, for
> :meth:`~cryptography.x509.CertificateBuilder.serial_number`), you can use
> ``int.from_bytes`` to convert the result of ``os.urandom``:
>
> .. code-block:: pycon
>
> >>> serial = int.from_bytes(os.urandom(20), byteorder="big")
>
> Starting with Python 3.6 the `standard library includes`_ the ``secrets``
> module, which can be used for generating cryptographically secure random
> numbers, with specific helpers for text-based formats.
>
> .. _`always use your operating system's provided random number generator`:
> https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
> .. _`standard library includes`:
> https://docs.python.org/3/library/secrets.html
> ```
>
> - https://docs.python.org/3/library/random.html
> - https://docs.python.org/3/library/random.html#random.SystemRandom
>   - https://docs.python.org/3/library/os.html#os.urandom (see below for
> the docs)
> - https://docs.python.org/3/library/secrets.html
> -
> https://numpy.org/doc/stable/reference/random/generator.html#simple-random-data
> -
> https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete.html#discrete-distributions-in-scipy-stats
>   -
> https://docs.scipy.org/doc/scipy/reference/tutorial/stats/discrete_randint.html
> - https://docs.python.org/3/library/os.html#os.urandom :
>
> ```rst
> Random numbers
> --
>
>
> .. function:: getrandom(size, flags=0)
>
>Get up to *size* random bytes. The function can return less bytes than
>requested.
>
>These bytes can be used to seed user-space random number generators or
> for
>cryptographic purposes.
>
>``getrandom()`` relies on entropy gathered from device drivers and other
>sources of environmental noise. Unnecessarily reading large quantities
> of
>data will have a negative impact on  other users  of the
> ``/dev/random`` and
>``/dev/urandom`` devices.
>
>The flags argument is a bit mask that can contain zero or more of the
>following values ORed together: :py:data:`os.GRND_RANDOM` and
>:py:data:`GRND_NONBLOCK`.
>
>See also the `Linux getrandom() manual page
>`_.
>
>.. availability:: Linux 3.17 and newer.
>
>.. versionadded:: 3.6
>
> .. function:: urandom(size)
>
>Return a string of *size* random bytes suitable for cryptographic use.
>
>This function returns random bytes from an OS-specific randomness
> source.  The
>returned data should be unpredictable enough for cryptographic
> applications,
>though its exact quality depends on the OS implementation.
>
>On Linux, if the ``getrandom()`` syscall is available, it is used in
>blocking mode: block until the system urandom entropy pool is
> initialized
>(128 bits of entropy are collected by the kernel). See the :pep:`524`
> for
>the rationale. On Linux, the :func:`getrandom` function can be used to
> get
>random bytes in non-blocking mode (using the :data:`GRND_NONBLOCK`
> flag) or
>to poll until the system urandom entropy pool is initialized.
>
>On a Unix-like system, random bytes are read from the ``/dev/urandom``
>device. If the ``/dev/urandom`` device is not available or not
> readable, the
>:exc:`NotImplementedError` exception is raised.
>
>On Windows, it will use ``CryptGenRandom()``.
>
>.. seealso::
>   The :mod:`secrets` module provides higher level functions. For an
>   easy-to-use interface to the random number generator provided by your
>   platform, please see :class:`random.SystemRandom`.
>
>.. versionchanged:: 3.6.0
>   On Linux, ``getrandom()`` is now used in blocking mode to increase
> the
>   security.
>
>.. versionchanged:: 3.5.2
>   On Linux, if the ``getrandom()`` syscall blocks (the urandom entropy
> pool
>

[Python-Dev] [RELEASE] Python 3.10.0b4 is available

[Pablo Galindo Salgado]

Wow! A release on a Saturday? Do the release management team even rest? You
better believe it, because this is the last of the planned beta releases.
This means that the next pre-release will be the first release candidate of
Python 3.10.0. Remember that our goal is to have no ABI changes after this
beta and a few code changes as possible after 3.10.0rc1.

https://www.python.org/downloads/release/python-3100b4/

#This is a beta preview of Python 3.10

Python 3.10 is still in development. 3.10.0b4 is the fourth and last of the
beta release previews. Beta release previews are intended to give the wider
community the opportunity to test new features and bug fixes and to prepare
their projects to support the new feature release.

We strongly encourage maintainers of third-party Python projects to test
with 3.10 during the beta phase and report issues found to the Python bug
tracker as soon as possible. While the release is planned to be feature
complete entering the beta phase, it is possible that features may be
modified or, in rare cases, deleted up until the start of the release
candidate phase (Monday, 2021-08-02). Our goal is to have no ABI changes
after beta 4 and as few code changes as possible after 3.10.0rc1, the first
release candidate. To achieve that, it will be extremely important to get
as much exposure for 3.10 as possible during the beta phase.

Please keep in mind that this is a preview release and its use is not
recommended for production environments.

The next pre-release, the first release candidate of Python 3.10.0, will be
3.10.0rc1. It is currently scheduled for Monday, 2021-08-02.

#And now for something completely different

In quantum physics, the spin is an intrinsic form of angular momentum
carried by elementary particles, composite particles, and atomic nuclei.
The spin is one of two types of angular momentum in quantum mechanics, the
other being orbital angular momentum. The orbital angular momentum operator
is the quantum-mechanical counterpart to the classical angular momentum of
orbital revolution and appears when there is periodic structure to its
wavefunction as the angle varies. For photons, spin is the
quantum-mechanical counterpart of the polarization of light; for electrons,
the spin has no classical counterpart.

# We hope you enjoy those new releases!

Thanks to all of the many volunteers who help make Python Development and
these releases possible! Please consider supporting our efforts by
volunteering yourself or through organization contributions to the Python
Software Foundation.

Regards from very cloudy London,

Your friendly release team,
Pablo Galindo @pablogsal
Ned Deily @nad
Steve Dower @steve.dower
___
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at 
https://mail.python.org/archives/list/python-dev@python.org/message/7MKFRWB4XKMNKXVHSBYTQ6RM4ZUL45XJ/
Code of Conduct: http://python.org/psf/codeofconduct/