> On 22 Jun 2016, at 02:28, Nick Coghlan <ncogh...@gmail.com> wrote:
>
> Hi folks,
>
> Over the weekend, Nathaniel Smith and I put together a proposal to
> allow security sensitive APIs (os.urandom, random.SystemRandom and the
> new secrets module) to throw BlockingIOError if the operating system's
> random number generator isn't ready.

In general I like this approach. One note inline below.

> Limitations on scope
> --------------------
>
> No changes are proposed for Windows or Mac OS X systems, as neither of those
> platforms provides any mechanism to run Python code before the operating
> system random number generator has been initialized. Mac OS X goes so far as
> to kernel panic and abort the boot process if it can't properly initialize the
> random number generator (although Apple's restrictions on the supported
> hardware platforms make that exceedingly unlikely in practice).
>
> Similarly, no changes are proposed for other *nix systems where
> ``os.urandom()`` will currently block waiting for the system random number
> generator to be initialized, rather than returning values that are potentially
> unsuitable for use in security sensitive applications.

You may want to be careful around this point. Solaris provides a getrandom() syscall as well, that Python *does* use. Furthermore, if other *nix OSes provide a getrandom() syscall then the current Python code will favour it over the urandom fallback: care should be taken to clarify what the expected plan is in these cases.

Cory
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
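The contract the proposal describes (raise BlockingIOError rather than hand back bytes from an uninitialized pool) can be exercised today on Linux through os.getrandom() with GRND_NONBLOCK. The following is an added example, not code from the thread or from CPython; the helper names are hypothetical, it assumes a Linux host with Python 3.6+ for the non-blocking path and falls back to os.urandom() elsewhere, and it shows how a caller should react to that error: wait a bounded time, then fail closed instead of degrading.

```python
import os
import time


def urandom_nonblocking(n: int) -> bytes:
    """Return n bytes from the OS RNG, or raise BlockingIOError if the
    kernel pool is not yet initialized (the behaviour the proposal asks for).

    Uses os.getrandom(..., os.GRND_NONBLOCK) where it exists (Linux, Python
    3.6+). Elsewhere os.urandom() is used as-is (hypothetical fallback;
    on those platforms the thread notes it either blocks or is always safe).
    """
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return os.urandom(n)
    out = b""
    while len(out) < n:
        # getrandom() may return fewer bytes than requested for large n.
        out += getrandom(n - len(out), os.GRND_NONBLOCK)
    return out


def secure_bytes(n: int, timeout: float = 5.0, poll: float = 0.1,
                 _source=None) -> bytes:
    """Fail closed: retry for at most `timeout` seconds while the pool is
    not ready, then raise. Never returns bytes of unknown quality.

    `_source` is a hypothetical hook so the retry logic can be tested with
    a constructed RNG that raises BlockingIOError on demand.
    """
    source = _source or urandom_nonblocking
    deadline = time.monotonic() + timeout
    while True:
        try:
            return source(n)
        except BlockingIOError:
            if time.monotonic() >= deadline:
                raise RuntimeError(
                    "OS random pool not initialized within %.1fs; refusing "
                    "to generate key material" % timeout) from None
            time.sleep(poll)
```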