[issue29790] Optional use of /dev/random on linux
Ivan Anishchuk added the comment:

Victor, I suppose you don't happen to have a good entropy source? :)

I cannot really stress the word "optional" enough here. And I understand why most users wouldn't want this. That's why I'm proposing to make it optional. As per PEP, "The /dev/random device should only used for very specific use cases." and that's exactly what I'm proposing, a special option for special use cases.

(Speaking of options, it would've been nice to have more of those, I would really like to have an easy way to access an entropy source directly, not through system PRNG, for generating keys and the like. But devices and interfaces can be different so it's out of scope for this proposal.)

To be absolutely clear: what I'm proposing is a small improvement for Linux users who have a good entropy source (e.g. a hardware TRNG) and specifically opt for this feature by setting an environment variable (or by other means). Without affecting anyone else under any circumstances.

--
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29790>

Python-bugs-list mailing list
[issue29790] Optional use of /dev/random on linux
New submission from Ivan Anishchuk:

Right now the secrets module uses SystemRandom, which is hardcoded to use os.urandom(), which is fine for most users, but some have good hardware sources of entropy (or otherwise replenish the entropy pool), in which case it would be much better to use getrandom() with the GRND_RANDOM flag, i.e. to read from the /dev/random pool.

Simply subclassing SystemRandom is not enough, the idea is to make it possible for every library and program to use the big entropy pool if it's available. So I'm thinking it would be best to configure it with an environment variable, something like PYTHONTRUERANDOM or PYTHONDEVRANDOM.

Admittedly, only a small subset of users would benefit from this, but the changes required are also small and I'm willing to do all the work here. Is there any reason this patch won't be accepted? Any preferences regarding the variable name?

--
components: Library (Lib)
messages: 289410
nosy: IvanAnishchuk
priority: normal
severity: normal
status: open
title: Optional use of /dev/random on linux
type: enhancement
versions: Python 3.6
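An added example (not code from the issue or from CPython) of the opt-in the submission describes: a SystemRandom subclass that reads through getrandom() with GRND_RANDOM only when the environment variable is set to "1". The variable name is one of those suggested in the message, the names `read_entropy`, `PoolRandom` and `make_rng` are hypothetical, and the opt-in reaches only code that uses this class, not every library.

```python
import os
import random

ENV_VAR = "PYTHONDEVRANDOM"  # name floated in the issue; CPython has no such option


def read_entropy(n, use_pool=False):
    """Return exactly n random bytes, from the /dev/random pool if opted in."""
    if not use_pool or not hasattr(os, "getrandom"):
        return os.urandom(n)  # default path, and fallback where getrandom() is absent
    buf = bytearray()
    while len(buf) < n:
        # A GRND_RANDOM read can return fewer bytes than requested, and on
        # kernels before 5.6 it blocks while the pool estimate is low.
        # From Linux 5.6 on, the kernel ignores this flag.
        buf += os.getrandom(n - len(buf), os.GRND_RANDOM)
    return bytes(buf)


class PoolRandom(random.SystemRandom):
    """SystemRandom whose byte source is chosen per instance (hypothetical)."""

    use_pool = False

    def getrandbits(self, k):
        if k < 0:
            raise ValueError("number of bits must be non-negative")
        nbytes = (k + 7) // 8
        value = int.from_bytes(read_entropy(nbytes, self.use_pool), "big")
        return value >> (nbytes * 8 - k)  # drop the surplus low bits

    def random(self):
        # 53 random bits scaled into [0.0, 1.0), as SystemRandom does.
        return self.getrandbits(53) * 2.0 ** -53


def make_rng(environ=None):
    """Build the generator, opting in only when ENV_VAR is set to "1"."""
    rng = PoolRandom()
    env = os.environ if environ is None else environ
    rng.use_pool = env.get(ENV_VAR) == "1"
    return rng


if __name__ == "__main__":
    rng = make_rng()
    token = rng.getrandbits(128).to_bytes(16, "big").hex()
    print("pool opt-in:", rng.use_pool, "token:", token)
```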