[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: I don't like this idea anymore ("add block=False parameter to os.urandom()"), so I close this issue. I wrote the PEP 524 to propose to make os.urandom() blocking on Linux. The discussion moved to the security-sig mailing list. -- resolution: -> rejec

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Changes by Donald Stufft : -- nosy: -dstufft ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Changes by Christian Heimes : -- nosy: -christian.heimes ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Nick Coghlan added the comment: Since Victor requested it, I filed #27282 to track the "raise BlockingIOError if the kernel would block" design option. The key advantage that particular model offers is that it's trivial to build a blocking version as a busy loop around the non-blocking version

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: Having os.urandom raise an error instead of blocking is OK with me. It turns an implicit error into an explicit one. However, I prefer to have it block until it has initialized it's entropy pool because that makes Linux behave similarly to all of the other majo

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Larry Hastings: > Just to confirm: that's a fresh Windows VM, never been booted before ever? > If it had ever been booted before, it might be saving its entropy pools to > the hard disk at shutdown. The VM was booted before. I don't see how I could schedule a

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Cory Benfield added the comment: > It looks like people don't read what I'm writing :-( I'm reading you, Victor, but you and I aren't disagreeing, so I'm not trying to convince you. =) I'm trying to convince Larry. -- ___ Python tracker

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: > Not that it needs saying again, but I'm still in favour of doing something > like what Christian is suggesting, or like I suggested earlier (have > os.urandom remain good, have Python internally fall back to weaker seeds for > random and SipHash if it's run

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Christian Heimes: > For os.urandom() let's define it as non-blocking and raise an exception > when it would blocks. There is a lot of discussion around random in the bug tracker, it's really hard to follow :-( Please use specific issues for each idea. Making os.

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Cory Benfield added the comment: > Those say that if you call getrandom(GRND_NONBLOCK) before the entropy > pool has been initialized, it will return EAGAIN, but any time you read > from /dev/urandom you will always get random data. Yeah, so this is why the crypto folks were all up in arms abou

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > In my tests, reading from /dev/urandom never blocks even before urandom is > initialized. That's correct, and is the big difference between getrandom(0) and reading from /dev/urandom. If "the entropy pool has not been initialized" (terminology from the man

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Christian Heimes added the comment: > I'm -1 on a block=True/False parameter. It makes the API more awkward and > will make people move away from os.urandom() to a self-made RNG because they > perceive os.urandom() as potential blocking. Are you against the fe

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > Oh, I found how to start a task before the user login, and os.urandom() still > works: it produces 16 bytes immediatly (in 0.0 second). Just to confirm: that's a fresh Windows VM, never been booted before ever? If it had ever been booted before, it might be

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: > "early" is not correct: it's late in fact, only when the desktop is opened. I > should use GPEDIT.MSC to start a task before the desktop, but this command > doesn't seem to be available on my Windows 8? Oh, I found how to start a task before the user login,

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Christian Heimes added the comment: On 2016-06-09 10:49, Marc-Andre Lemburg wrote: > It is a corner case, but one we'll see hit us more often going > forward, since booting up VMs/containers no longer is a rather > rare incident. It's being used as part of the architecture of > system nowadays.

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Marc-Andre Lemburg added the comment: On 09.06.2016 10:16, STINNER Victor wrote: > > STINNER Victor added the comment: > > Marc-Andre Lemburg: >> I propose to deprecate os.urandom() altogether due to all the issues we've >> discussed on all those recent tickets. > > I'm sorry, but I don't und

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: I also tested to call os.urandom() "early" in the Windows boot process in a Windows VM. Using a startup entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key, os.urandom() works immediatly (it is able to produce 16 bytes of

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > Can we please try to be clear about what kind of blocking we mean? > getrandom(flags=0) absolutely *can* block: that's what the original issue was > all about. To ensure it *never* blocks you need to call > getrandom(GRND_NONBLOCK): that's why the flag exist

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: If you didn't read it yet, I suggest you to read my summary of the issue #26839 which contains a lot of information on RNG in the case of Python: http://haypo-notes.readthedocs.io/pep_random.html It can be used to write a real PEP. --

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Marc-Andre Lemburg: > I propose to deprecate os.urandom() altogether due to all the issues we've > discussed on all those recent tickets. I'm sorry, but I don't understand the purpose of this change. Usually, when we deprecate something, it is in favor of a ne

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Cory Benfield added the comment: > But Theodore Ts'o said on the tracker: if you call getrandom() and don't pass > in GRND_RANDOM, it's equivalent to /dev/urandom. So, if getrandom is > available, getrandom(flags=0) will always work and never block. Can we please try to be clear about what ki

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Christian Heimes added the comment: I'm -1 on a block=True/False parameter. It makes the API more awkward and will make people move away from os.urandom() to a self-made RNG because they perceive os.urandom() as potential blocking. Victor, you can use sysctl on all BSD and Linux to check if th

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Marc-Andre Lemburg added the comment: On 09.06.2016 09:57, STINNER Victor wrote: > > STINNER Victor added the comment: > > I played with select() on Linux on a VM: > > * /dev/random: it works as expected > * /dev/urandom: the device is already seen as readable even before the > urandom entrop

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: Fair enough. But Theodore Ts'o said on the tracker: if you call getrandom() and don't pass in GRND_RANDOM, it's equivalent to /dev/urandom. So, if getrandom is available, getrandom(flags=0) will always work and never block. -- __

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Martin: > I wonder what we should do on Linux if /dev/urandom is unavailable and > getrandom() would block. os.urandom(block=False) should raise BlockingIOError if getrandom(GRND_NONBLOCK) fails with EAGAIN and /dev/urandom is not available. Larry: > I don't

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Changes by Cory Benfield : -- nosy: +Lukasa ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: > I dislike the “block” term for a different reason: it suggests raising EAGAIN > (= BlockingIOError). But the proposal here is actually to generate data with > low entropy. Since os.urandom() is part of the os module, yes, I'm suggesting to raise BlockingIOE

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Marc-Andre Lemburg added the comment: I propose to deprecate os.urandom() altogether due to all the issues we've discussed on all those recent tickets. See #27279 for details. On 09.06.2016 02:04, Nick Coghlan wrote: > I'd also *STRONGLY* request that we avoid adding any new APIs in relation to

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: I played with select() on Linux on a VM: * /dev/random: it works as expected * /dev/urandom: the device is already seen as readable even before the urandom entropy pool is initialized. It is not really surprising since, yes, read() does not block in practice

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > I wonder what we should do on Linux if /dev/urandom is unavailable and > getrandom() would block. I don't think that happens. getrandom() actually supports two flags. The flag GRND_RANDOM tells it "behave like /dev/random". If you don't pass in GRND_RANDO

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Christian Heimes added the comment: Can we please stop using the term "low entropy" here. It is wrong and makes my head hurt. "Running out of entropy" is an urban myth. It's about the initialization state of Kernel's internal RNG. The Kernel blocks the syscall as long as it is not confident en

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Martin Panter added the comment: I dislike the “block” term for a different reason: it suggests raising EAGAIN (= BlockingIOError). But the proposal here is actually to generate data with low entropy. In the long term, it sounds like two separate functions is the way to go. I would prefer os.

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: AFAICT, the history is, Linux added /dev/urandom, then all the other UNIXes followed suit. I've read a lot of man pages for /dev/urandom (or equivalent) on a lot of different platforms and most of them say "this was added to Linux, so we added our own version

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: IHMO we only need two functions. os.urandom() is now documented as the reference for security. So we need a new function. I proposed a new urandom() parameter, but a new function without parameter would also be ok. If os.getrandom() is directly a binding of Linu

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: Victor: just to confirm, would "os.getrandom(n, block=True)" be okay with you? Do you strongly prefer adding the "block" parameter to os.urandom(), or do you not care much? -- ___ Python tracker

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: About the "add block=False parameter to os.urandom()" part of the issue title: I don't really care of the exact API. It can be a new function. The parameter can be named differently. The idea is to give access to users to Linux non-blocking /dev/urandom, and d

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: > Again, I cite #25003: he implicitly ruled there that it's not permissible for > os.urandom() to block on Solaris, so I think he agrees with me. To be clear, that's an entirely different kind of blocking. That made os.urandom on Solaris behave similarly to /de

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > Larry, I'm sorry but I think you're just flat wrong here and I don't know > what else to say about it. Yeah, I think maybe asking Guido to make a ruling would be the right thing here. Again, I cite #25003: he implicitly ruled there that it's not permissibl

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > As a process comment: I agree with what Victor wrote in > http://haypo-notes.readthedocs.io/pep_random.html#status-of-python-3-5-2, > when he suggests that we leave 3.5.2 as is for now [...] I agree in principle. Certainly we all agree it'd be inappropriate

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > I'd also *STRONGLY* request that we avoid adding any new APIs in relation to > this that mean "Use os.urandom" is no longer the preferred option to obtain > cryptographically strong random numbers in Python. According to the documentation, os.urandom() does

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Nick Coghlan added the comment: As a process comment: I agree with what Victor wrote in http://haypo-notes.readthedocs.io/pep_random.html#status-of-python-3-5-2, when he suggests that we leave 3.5.2 as is for now (i.e. reverted to be consistent with 2.7 and 3.4, which favours a risk of subtle

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: Python should strive do the right thing, and the right thing for something as security sensitive as accessing a CSPRNG is to use the interface that most strongly promises to in fact, give cryptographically secure random numbers. Obsessing over the purity of mat

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Nick Coghlan added the comment: Transferring a comment I previously made on #27250: One request I'd make in these discussions is that we avoid using the term "block" - it makes people think of the /dev/random behaviour (i.e. blocking intermittently and unhelpfully), rather than the usually-des

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > I don't think most people calling os.urandom have any idea how /dev/urandom > behaves on their machine nor do I think most people have any idea how > /dev/urandom behaves on other people's machines. Here I invoke the "consenting adults" rule. In Python deve

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: Wait a minute. If I read the code correctly, currently os.urandom() is implemented strictly using getrandom() *on all platforms*. And if block=false, it... returns an empty buffer? Am I reading that right? And what does it do on platforms that don't have a

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: > The block= parameter confuses the matter greatly, which is why I oppose it. I don't like the block= parameter. > I assert that people are calling os.urandom() because they expect it to > behave like /dev/urandom on their machine. I don't think most people ca

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: Let me make one more thing clear. I'm willing for os.urandom() to try to use getrandom(GRND_NOBLOCK) (or whatever the flag is called). This will not block unless the entropy pool is low--which almost never happens. So 99.% of the time, os.urandom() shou

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Changes by Nick Coghlan : -- nosy: +ncoghlan ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pytho

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > There are a number of functions in os.py that add additional logic ontop of > the system calls, like: All the functions you name don't have POSIX equivalents, except popen and scandir. popen provides a lot of functionality around popen (which internally doe

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: > > there is a lot of code out there using os.urandom for it's security > > properties > > This is exactly why we should not change the behavior of os.urandom(). > os.urandom() must not block on Linux. So defaulting to block=True on Linux > is a non-starter.

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: os.getrandom() would be a thin shell around what the local OS provides, and has the advantage of behaving in a predictable manner. If you provide block=, its implementation and semantics will vary wildly between platforms. * On Linux, block=False should be th

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: I also contest the idea that os functions must only be thin shells around system provided calls (even though I don't think that using getrandom instead of reading from /dev/urandom violates that assertion). There are a number of functions in os.py that add addi

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: I think a new function is a bad idea TBH, os.urandom provides 99% of the right interface on Linux, and 100% of the right interface on other OSes and there is a lot of code out there using os.urandom for it's security properties, and a lot of people educating us

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Donald Stufft added the comment: It would still be a thin shell around what the OS provides, it'd just be a thin wrapper around getrandom() instead of around /dev/urandom specifically-- but accessing the same content. -- ___ Python tracker

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: This is why I'm unwilling to accept this change in 3.5.2. This sort of "we think it's right" behavior is only appropriate in a point release like 3.6. I think odds are better than even that I'm going to get an os.getrandom(n, block=True) call in 3.5.2. It so

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: > Second, unless you can guarantee you support blocking / non-blocking behavior > on all platforms, this is a bad move. Well, there are two options: * Detect when os.urandom() is going to block, and falls back to weaker entropy (Linux: /dev/urandom in non-blo

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: > getentropy() is non-blocking. By the way, os.urandom() is now implemented > with getentropy() on OpenBSD. I quote issue #25003: > You can not substitute getentropy() for getrandom(), if you need randomness > then entropy does not suffice. -- _

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

STINNER Victor added the comment: Larry Hastings added the comment: > > First, DO NOT merge this change into 3.5.2 without my explicit permission. > I explicitly removed Python 3.5 from this issue to follow your request. See my previous comment :-) -- __

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Theodore Tso added the comment: Larry, at least on FreeBSD, it sounds like the implementation could just the kern.random.sys.seeded sysctl, and return . (Note: what is the proposed behaviour if the PRNG is not seeded? Return Null?) As far as OpenBSD is concerned, it's true that it's getentro

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Larry Hastings added the comment: First, DO NOT merge this change into 3.5.2 without my explicit permission. Second, unless you can guarantee you support blocking / non-blocking behavior on all platforms, this is a bad move. -- ___ Python tracker <

[issue27266] Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom()

Changes by STINNER Victor : -- title: Always use getrandom() in os.random() and add block=False parameter to os.urandom() -> Always use getrandom() in os.random() on Linux and add block=False parameter to os.urandom() ___ Python tracker