[issue16190] Misleading warning in random module docs

2013-08-16 Thread Donald Stufft

Changes by Donald Stufft donald.stu...@gmail.com:


--
nosy: +dstufft

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16190
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue16190] Misleading warning in random module docs

2013-08-16 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Done.

--
resolution:  -> fixed
stage: needs patch -> committed/rejected
status: open -> closed
versions:  -Python 3.2




[issue16190] Misleading warning in random module docs

2013-08-16 Thread Roundup Robot

Roundup Robot added the comment:

New changeset 9df0501fab35 by Antoine Pitrou in branch '3.3':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/9df0501fab35

New changeset 04b50a1eb013 by Antoine Pitrou in branch 'default':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/04b50a1eb013

New changeset 48b618a9ad10 by Antoine Pitrou in branch '2.7':
Issue #16190: fix random module recommendation to use ssl.RAND_bytes().
http://hg.python.org/cpython/rev/48b618a9ad10

--
nosy: +python-dev




[issue16190] Misleading warning in random module docs

2013-08-16 Thread STINNER Victor

STINNER Victor added the comment:

Why did you remove reference to ssl.RAND_bytes() on Python 3.3 from the notice?

--




[issue16190] Misleading warning in random module docs

2013-08-16 Thread Antoine Pitrou

Antoine Pitrou added the comment:

As far as I understand, os.urandom() is fine for the task. There's no point in 
mentioning ssl.RAND_bytes() just because it exists, IMO.

--




[issue16190] Misleading warning in random module docs

2013-08-15 Thread Christian Heimes

Christian Heimes added the comment:

Thomas H. Ptacek pointed me to a good explanation: 
http://security.stackexchange.com/a/3939

TL;DR: Just use /dev/urandom and be happy.

--




[issue16190] Misleading warning in random module docs

2013-08-15 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Agreed with a re-wording.

--
nosy: +pitrou




[issue16190] Misleading warning in random module docs

2012-11-09 Thread George Peristerakis

Changes by George Peristerakis peristera...@gmail.com:


--
nosy:  -George.Peristerakis




[issue16190] Misleading warning in random module docs

2012-11-03 Thread George Peristerakis

Changes by George Peristerakis peristera...@gmail.com:


--
nosy: +George.Peristerakis




[issue16190] Misleading warning in random module docs

2012-10-11 Thread Raymond Hettinger

Changes by Raymond Hettinger raymond.hettin...@gmail.com:


--
assignee: docs@python -> rhettinger
components: +Documentation
nosy: +rhettinger
priority: normal -> low




[issue16190] Misleading warning in random module docs

2012-10-11 Thread Ezio Melotti

Changes by Ezio Melotti ezio.melo...@gmail.com:


--
nosy: +ezio.melotti, haypo
stage:  -> needs patch




[issue16190] Misleading warning in random module docs

2012-10-11 Thread STINNER Victor

STINNER Victor added the comment:

See also the issue #15213 (and the issue #12754).

--




[issue16190] Misleading warning in random module docs

2012-10-10 Thread Christian Heimes

New submission from Christian Heimes:

The documentation [1] of the random module contains a misleading warning:

---
Warning: The generators of the random module should not be used for security 
purposes. Use ssl.RAND_bytes() if you require a cryptographically secure 
pseudorandom number generator.
---

The warning should point users to os.urandom() and random.SystemRandom rather 
than ssl.RAND_bytes(). On Linux os.urandom() wraps /dev/urandom [2], on Windows 
it uses CryptGenRandom() [3]. Both are suitable for most cryptographic purposes 
except for long-lived keys (SSL, SSH, GPG certs etc.). ssl.RAND_bytes() should 
only be used for such long-lived data and not for salts, session ids and 
similar.

I'd like to see the warning box in Python 2.7, too. It's still the default for 
docs.python.org. My inquiry is motivated by #16184.

[1] http://docs.python.org/py3k/library/random.html
[2] http://linux.die.net/man/4/urandom
[3] http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

--
assignee: docs@python
messages: 172589
nosy: christian.heimes, docs@python
priority: normal
severity: normal
status: open
title: Misleading warning in random module docs
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4
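
The difference this report turns on, as an added example that is not part of the original thread or of CPython's documentation: the default random.Random generator is seedable and exposes its state, while os.urandom() and random.SystemRandom draw from the operating system and do neither. The helper names (session_id, new_salt, token_from, replayable, state_is_exportable) are made up for this illustration.

```python
import binascii
import os
import random

_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def session_id(nbytes=16):
    """Hex session id taken straight from the OS generator via os.urandom()."""
    return binascii.hexlify(os.urandom(nbytes)).decode("ascii")


def new_salt(nbytes=16):
    """Raw salt bytes for password hashing, also from os.urandom()."""
    return os.urandom(nbytes)


def token_from(rng, length=24):
    """Build a token by choosing characters with the supplied generator."""
    return "".join(rng.choice(_ALPHABET) for _ in range(length))


def replayable(make_rng, seed=1234):
    """True if two generators seeded alike produce the same token."""
    first = make_rng()
    first.seed(seed)
    second = make_rng()
    second.seed(seed)
    return token_from(first) == token_from(second)


def state_is_exportable(rng):
    """True if the generator's internal state can be read with getstate()."""
    try:
        rng.getstate()
        return True
    except NotImplementedError:
        # SystemRandom keeps no state in the process; the OS owns it.
        return False


if __name__ == "__main__":
    # random.Random (Mersenne Twister): same seed, same "secret" token.
    print("random.Random replayable:      ", replayable(random.Random))
    # random.SystemRandom: seed() is a no-op, output comes from os.urandom().
    print("random.SystemRandom replayable:", replayable(random.SystemRandom))
    print("session id:", session_id())
    print("salt:      ", binascii.hexlify(new_salt()).decode("ascii"))
```

random.SystemRandom offers the same choice()/randrange() interface as the default generator, so code that needs more than raw bytes can switch to it without other changes.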




[issue16190] Misleading warning in random module docs

2012-10-10 Thread Georg Brandl

Georg Brandl added the comment:

Sure, I'd propose a rewording that mentions both alternatives and when they 
should be used.

--
nosy: +georg.brandl
