> On Jun 23, 2016, at 2:10 PM, Nick Coghlan <ncogh...@gmail.com> wrote:
>
> That second one has the added bonus of doing the right thing even on
> older Linux kernels that don't provide the new getrandom() syscall,
> creating the following virtuous feedback loop:

The second one also is not a good idea to use in the general case since it will also block randomly throughout the application. It’s OK to use if you know you’re only going to access it once on boot, but you wouldn’t want it to be a common idiom that software itself does. If I recall, there was major downtime on healthcare.gov because they used /dev/random in production.

— Donald Stufft

_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
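
Added example, not part of the original message or of any project's code: a sketch of the "block once at startup, never again" pattern the reply contrasts with reading /dev/random on every call. The function names `wait_for_kernel_pool`, `random_bytes` and `pool_checks` are hypothetical; it assumes Linux and a Python that may or may not expose `os.getrandom()`.

```python
import errno
import os
import threading

_lock = threading.Lock()
_state = {"ready": False, "checks": 0}


def wait_for_kernel_pool():
    """Block until the kernel CSPRNG has been initialised (may stall early in boot).

    Returns the name of the mechanism that was used.
    """
    _state["checks"] += 1
    if hasattr(os, "getrandom"):
        try:
            # Blocks only until the pool is first initialised, then never again.
            os.getrandom(1)
            return "getrandom"
        except OSError as exc:
            # ENOSYS: the running kernel predates the getrandom() syscall.
            if exc.errno != errno.ENOSYS:
                raise
    # Older kernel: one read from /dev/random. This read can block,
    # which is why it is confined to this single startup check.
    with open("/dev/random", "rb", buffering=0) as dev:
        dev.read(1)
    return "/dev/random"


def random_bytes(n):
    """Return n random bytes; only the first call can pay the blocking check."""
    with _lock:
        if not _state["ready"]:
            wait_for_kernel_pool()
            _state["ready"] = True
    # Once the pool is initialised, the urandom source does not block on Linux.
    return os.urandom(n)


def pool_checks():
    """Number of times the potentially blocking check has run in this process."""
    return _state["checks"]


if __name__ == "__main__":
    print(random_bytes(16).hex(), "checks:", pool_checks())
```
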