On Jul 29, 2016, at 04:21 PM, Victor Stinner wrote: >The strict minimum is to implement os.getrandom() with a single call, >*but* retry the getrandom() call if it fails with EINTR and the Python >signal handler doesn't raise any exception. With this design, we don't >drop any collected byte. But os.getrandom() should be used with a loop >at the Python level.
Yes, I'd opt for this. I definitely don't think we should be discarding entropy, and I think a Python-level loop should be just fine. Cheers, -Barry
pgpUAh3nxdYM9.pgp
Description: OpenPGP digital signature
_______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
