> On Jun 23, 2016, at 2:10 PM, Nick Coghlan <ncogh...@gmail.com> wrote:
> 
> That second one has the added bonus of doing the right thing even on
> older Linux kernels that don't provide the new getrandom() syscall,
> creating the following virtuous feedback loop:


The second one also is not a good idea to use in the general case since it will 
also block randomly throughout the application. It’s OK to use if you know 
you’re only going to access it once on boot, but you wouldn’t want it to be a 
common idiom that software itself does. If I recall, there was major downtime 
on healthcare.gov because they used /dev/random in production.

—
Donald Stufft



_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
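
Added example, not part of the original message or of CPython: one way to confine a blocking read to a single startup call, as the reply says is acceptable, and to serve every later request from `os.urandom()`. The function names are hypothetical, and treating `getrandom()` with default flags (or one byte from /dev/random on older kernels) as the blocking source is an assumption.

```python
import os
import threading

# Hypothetical module state: the blocking wait must happen at most once.
_lock = threading.Lock()
_seeded = False
_blocking_calls = 0


def wait_for_kernel_rng():
    """Block until the kernel RNG is usable; return True only on the
    first call, which is the only one that touches a blocking source."""
    global _seeded, _blocking_calls
    with _lock:
        if _seeded:
            return False
        if hasattr(os, "getrandom"):
            # Default flags: blocks only until the pool has been
            # initialized once after boot, never again afterwards.
            os.getrandom(1)
        else:
            # Older kernels without the syscall: a single one-byte read.
            # This is the read that must not be repeated per request.
            with open("/dev/random", "rb", buffering=0) as dev:
                dev.read(1)
        _blocking_calls += 1
        _seeded = True
        return True


def blocking_calls():
    """Number of times a potentially blocking source was used."""
    return _blocking_calls


def token_bytes(n):
    """Random bytes for normal application use, from os.urandom()."""
    wait_for_kernel_rng()  # no-op after the first call
    return os.urandom(n)


if __name__ == "__main__":
    print("first call waited:", wait_for_kernel_rng())
    print("token:", token_bytes(16).hex())
    print("blocking calls so far:", blocking_calls())
```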