Re: [Python-Dev] RNG in the core

2012-01-04 Thread Barry Warsaw
On Jan 04, 2012, at 02:59 AM, Antoine Pitrou wrote:

>Well what if /dev/urandom is unavailable because the program is run
>e.g. in a chroot?
>(or is /dev/urandom still available in a chroot?)

It is (apparently) in an schroot in Ubuntu, so I'd guess it's also available in Debian (untested).

-Barry

Re: [Python-Dev] RNG in the core

2012-01-04 Thread Victor Stinner
> (or is /dev/urandom still available in a chroot?)

Last time that I played with chroot, I "binded" /dev and /proc. Many programs rely on specific devices like /dev/null. Python should not refuse to start if /dev/urandom (or CryptoGen) is missing or cannot be used, but should use a weak fallback.

Re: [Python-Dev] RNG in the core

2012-01-04 Thread Martin v. Löwis
> Well what if /dev/urandom is unavailable because the program is run
> e.g. in a chroot?

If the system ought to have /dev/urandom (as e.g. determined during configure), I propose that Python fails fast, unless the command line option is given that disables random hash seeds. For the security fix

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Antoine Pitrou
On Tue, 03 Jan 2012 23:21:30 +0100 "Martin v. Löwis" wrote:
> > Have you read the following sentence:
> >
> > “Since some platforms may not have /dev/urandom, we need a PRNG in the
> > core, too. I therefore propose to move the Mersenne twister from
> > randommodule.c into the core, too.”
>
> I

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Nick Coghlan
On Wed, Jan 4, 2012 at 8:21 AM, "Martin v. Löwis" wrote:
>> Have you read the following sentence:
>>
>> “Since some platforms may not have /dev/urandom, we need a PRNG in the
>> core, too. I therefore propose to move the Mersenne twister from
>> randommodule.c into the core, too.”
>
> I disagree.

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Martin v. Löwis
> Have you read the following sentence:
>
> “Since some platforms may not have /dev/urandom, we need a PRNG in the
> core, too. I therefore propose to move the Mersenne twister from
> randommodule.c into the core, too.”

I disagree. We don't need a PRNG on platforms without /dev/urandom or any oth

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Antoine Pitrou
On Tue, 3 Jan 2012 22:17:06 +0100 Victor Stinner wrote:
> A randomized hash doesn't need cryptographic RNG (which are slow and
> need a lot of new code), and the new hash function should maybe not be
> cryptographic. We need to make the DoS more expensive for the
> attacker, but we don't need to a

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Victor Stinner
A randomized hash doesn't need cryptographic RNG (which are slow and need a lot of new code), and the new hash function should maybe not be cryptographic. We need to make the DoS more expensive for the attacker, but we don't need to add "too much security" for that. Mersenne Twister is useless her

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Matthieu Brucher
> The core RNG is going to be part of the randomized hashing function
> patch. The patch will be applied to all Python versions from 2.6 to 3.3.
> Some people may want to apply it to 2.4 and 2.5, too. As the patch is
> going to affect six to eight Python versions, it should introduce as few
> new

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Steven D'Aprano
Christian Heimes wrote:
[...]
I propose an addition to the current Python C API:

int PyOS_URandom(char *buf, Py_ssize_t len)

Read "len" chars from the OS's RNG into the pre-allocated buffer "buf". The RNG should be suitable for cryptography. Since some platforms may not have /dev/urandom, we

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Christian Heimes
On 03.01.2012 18:23, Matthieu Brucher wrote:
> Hi,
>
> I'm not a core Python developer, but it may be interesting to use a real
> Crush resistant RNG, as one from Random123 (a parallel random generator
> that is Crush resistant, contrary to the Mersenne Twister, and without a
> state).

Hello Matt

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Antoine Pitrou
On Tue, 03 Jan 2012 14:18:34 +0100 Christian Heimes wrote:
>
> I suggest Python/random.c as source file and Python/pyrandom.h as header
> file. Comments?

Looks good on the principle. The API names for MT are a bit ugly.

> The RNG should be suitable for cryptography.

Sounds like too strong a re

Re: [Python-Dev] RNG in the core

2012-01-03 Thread Matthieu Brucher
Hi,

I'm not a core Python developer, but it may be interesting to use a real Crush resistant RNG, as one from Random123 (a parallel random generator that is Crush resistant, contrary to the Mersenne Twister, and without a state).

Cheers,

Matthieu Brucher

2012/1/3 Christian Heimes
> Hello,
>
> a

[Python-Dev] RNG in the core

2012-01-03 Thread Christian Heimes
Hello, all proposed fixes for a randomized hashing function rise and fall with a good random number generator to feed the random seed. The seed must be created very early in the startup phase of the interpreter, preferably before the basic types are initialized. CPython already has multiple sour
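The following is an added example, not code from CPython or from anyone in this thread. It sketches a PyOS_URandom-style reader of the kind Christian proposes and Steven quotes (read exactly `len` bytes from the OS RNG, retrying on EINTR and treating EOF as failure), and puts the two start-up policies argued above side by side: Victor's "never refuse to start, use a weak fallback" and Martin's "fail fast if the device ought to exist". The function names (`os_urandom_from`, `weak_fallback_seed`, `init_hash_secret`, `seeded_hash`), the splitmix64-style mixer and the keyed FNV-1a hash are all assumptions for illustration; the real CPython hash is not shown here.

```c
/* Added example (not CPython code): an OS-RNG reader with the two
 * start-up policies discussed in the thread. All names are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Read exactly `len` bytes from the device at `path` into `buf`.
 * Returns 0 on success, -1 if the device is missing or unreadable, or if
 * it returns EOF before `len` bytes (a regular file posing as urandom). */
int os_urandom_from(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* Do not leak the descriptor into children the process later spawns. */
    fcntl(fd, F_SETFD, FD_CLOEXEC);
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {               /* EOF: a real urandom never does this */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* splitmix64 finaliser, used only to spread the weak fallback inputs. */
static uint64_t mix64(uint64_t x)
{
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/* Weak fallback: time, pid, clock and a stack address (ASLR noise).
 * Guessable by an attacker who knows roughly when the process started,
 * so it only raises the cost of a collision DoS; never use it for crypto. */
void weak_fallback_seed(unsigned char *buf, size_t len)
{
    uint64_t state = (uint64_t)time(NULL);
    state ^= (uint64_t)getpid() << 32;
    state ^= (uint64_t)(uintptr_t)&state;
    state ^= (uint64_t)clock() << 16;
    for (size_t i = 0; i < len; i++) {
        state = mix64(state + 0x9e3779b97f4a7c15ULL);
        buf[i] = (unsigned char)state;
    }
}

/* Fill `secret` at interpreter start-up.
 * Returns 1 if the OS RNG was used, 0 if the weak fallback was used
 * (allow_fallback != 0, Victor's policy), -1 if the OS RNG is unusable and
 * fallback is disallowed (Martin's fail-fast policy). */
int init_hash_secret(const char *dev_path, int allow_fallback,
                     unsigned char *secret, size_t len)
{
    if (os_urandom_from(dev_path, secret, len) == 0)
        return 1;
    if (!allow_fallback)
        return -1;
    weak_fallback_seed(secret, len);
    return 0;
}

/* Keyed FNV-1a: the same string hashes differently under each secret, which
 * is what breaks a precomputed collision set. Illustration only. */
uint64_t seeded_hash(const unsigned char secret[16], const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (int i = 0; i < 16; i++) {
        h ^= secret[i];
        h *= 0x100000001b3ULL;
    }
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Helper for checking that a buffer was actually filled. */
int all_zero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}
```

Pointing `init_hash_secret` at a path that does not exist stands in for the chroot case raised above: with `allow_fallback` set the process starts with a weak seed, without it the caller gets -1 and can abort before any dict is built.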