On Wed, Jun 22, 2016 at 7:18 PM, Donald Stufft <don...@stufft.io> wrote:
>
> On Jun 22, 2016, at 10:15 PM, Guido van Rossum <gu...@python.org> wrote:
>
> Before I can possibly start thinking about what to do when the system's
> CSPRNG is initialized, I need to understand more about how it works.
> Apparently there's a possible transition from the "not ready yet" ("bad")
> state to "ready" ("good"), and all it takes is usually waiting for a second
> or two. But is this a wait that only gets incurred once, somewhere early
> after a boot, or is this something that can happen at any time?
>
>
>
> Once, only after boot. On most (all?) modern Linux systems there’s even
> part of the boot process that attempts to seed the CSPRNG using random
> values stored during a previous boot to shorten the time window between
> when it’s ready and when it’s not yet initialized. However, once it is
> initialized it will never block (or EAGAIN) again.
>
Then shouldn't it be the responsibility of the boot sequence rather than of
the Python stdlib to wait for that event? IIUC that's what OS X does (I
think someone described that it even kernel-panics when it can't enter the
"good" state).
--
--Guido van Rossum (python.org/~guido)
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
