[Guido]
> Before I can possibly start thinking about what to do when the system's
> CSPRNG is initialized, I need to understand more about how it works.
> Apparently there's a possible transition from the "not ready yet" ("bad")
> state to "ready" ("good"), and all it takes is usually waiting for a second
> or two. But is this a wait that only gets incurred once, somewhere early
> after a boot, or is this something that can happen at any time?[Donald Stufft] > Once, only after boot. On most (all?) modern Linux systems there’s even part > of the boot process that attempts to seed the CSPRNG using random values > stored during a previous boot to shorten the time window between when it’s > ready and when it’s not yet initialized. However, once it is initialized it > will never block (or EAGAIN) again. Donald, at the end you're talking about how getrandom() behaves - /dev/urandom on Linux never blocks, as I understand it (but there's no advertised way to tell when /dev/urandom enters the "good" state). [Guido] > Then shouldn't it be the responsibility of the boot sequence rather than > of the Python stdlib to wait for that event? IIUC that's what OS X > does (I think someone described that it even kernel-panics when it can't > enter the "good" state). The rub is that sometimes Python is running soooo early in the boot sequence in these rare Linux cases. That's said to be impossible on OS X (or Windows). _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
