2016-06-23 23:27 GMT+02:00 Victor Stinner <victor.stin...@gmail.com>:
> Use Case 1: init script
> -----------------------
>
> Use a Python 3 script to initialize the system, like systemd-cron. If
> the script blocks, the system initialization is stuck too.
>
> The issue #26839 is a good example of this use case.

For me, such a script must not require a secure secret. An application which
needs to generate a secure secret must run later, when the system is
fully initialized. What do you think?

> Use Case 2: web server
> ----------------------
>
> Run a Python 3 web server serving web pages using HTTP and HTTPS
> protocols. The server is started as soon as possible.
>
> The first target of the hash DoS attack was web servers: it's important
> that the hash secret cannot be easily guessed by an attacker.

Maybe I should elaborate on this point to explain that the specific case of
the hash secret is more on the practicability side than on the security
side. *IMO* reading the non-blocking /dev/urandom is enough for the hash
secret. From what I read, even if the system urandom is not considered
initialized, urandom is able to generate "good enough" entropy. So the
hash secret is not easily predictable.

Maybe I should read Ted Tso's emails to elaborate on this point ;-)

> Embedded devices
> ----------------
>
> A solution for embedded devices is to plug in a hardware RNG.

Honestly, I'm not fully convinced by my own solution :-) I'm not sure
that all embedded devices are "extensible".

Victor
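
Added example, not part of the original message and not CPython's own code: a sketch of the split discussed above, with a non-blocking source for the hash secret and a source that may block for real secrets. The function names are hypothetical, and a Linux system with Python 3.6 or later is assumed.

```python
import os

MAX_REQUEST = 256  # getrandom() returns requests of this size in one piece


def _read_urandom_device(n):
    """Read n bytes from /dev/urandom, which does not block on Linux
    even when the kernel pool is not initialized yet."""
    data = b""
    with open("/dev/urandom", "rb", buffering=0) as dev:
        while len(data) < n:
            chunk = dev.read(n - len(data))
            if not chunk:
                raise OSError("short read from /dev/urandom")
            data += chunk
    return data


def hash_secret(n=24):
    """Bytes for a hash-randomization secret; never blocks startup.

    Returns (data, source) so the caller can log which path was taken.
    """
    if not 0 < n <= MAX_REQUEST:
        raise ValueError("n must be between 1 and %d" % MAX_REQUEST)
    if hasattr(os, "getrandom"):
        try:
            return os.getrandom(n, os.GRND_NONBLOCK), "getrandom"
        except OSError:
            # BlockingIOError: pool not initialized yet (early boot).
            # Other OSError: syscall unavailable on this kernel.
            pass
    return _read_urandom_device(n), "/dev/urandom"


def secure_secret(n=32):
    """Bytes for keys or tokens; may block until the pool is initialized,
    so it belongs in code that runs after early boot."""
    if not 0 < n <= MAX_REQUEST:
        raise ValueError("n must be between 1 and %d" % MAX_REQUEST)
    if hasattr(os, "getrandom"):
        return os.getrandom(n)  # flags=0: wait for initialization
    return os.urandom(n)


if __name__ == "__main__":
    secret, source = hash_secret()
    print("hash secret from", source, "-", len(secret), "bytes")
    print("secure secret:", len(secure_secret()), "bytes")
```

Logging the returned source at startup shows whether the process took the early-boot fallback path.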