On 6 August 2016 at 18:46, Nick Coghlan <ncogh...@gmail.com> wrote:
> On 6 August 2016 at 18:32, Victor Stinner <victor.stin...@gmail.com> wrote:
>> On 6 August 2016 at 04:39, "Guido van Rossum" <gu...@python.org> wrote:
>>> 4. Bad code gets cargo-culted (e.g. through StackOverflow).
>>
>>> Re (4): With PEP 524, people worried about blocking may be driven to
>>> unnecessarily write more complicated code using os.getrandom(). With
>>> PEP 522, people worried about crashes may be driven to unnecessarily
>>> call secrets.wait_for_system_rng() or put try/except blocks catching
>>> raise BlockingIOError around all their os.urandom()-based calls.
>>
>> What can we do to reduce this issue? Promote the best recipes in the
>> documentation of the random and/or secrets module? Add Nick's
>> secrets.wait_for_system_rng()?
>
> At the moment, PEP 522 doesn't propose making the secrets API block
> implicitly. I was already starting to have doubts about that, and
> given Guido's feedback, I think I should change it so that it does.

OK, I've made this change now:
https://github.com/python/peps/commit/5392cf9fb86d983b2f06694b742318000ad8bdc2

It turned out to have the nice property of making secrets.token_bytes
a blocking drop-in replacement for os.urandom, so I appended a "; see
secrets.token_bytes()" to the proposed error message. This should make
the "boilerplate" answer either using secrets.token_bytes
unconditionally, or else a backwards compatibility dance to use it if
available, and fall back to os.urandom otherwise.

I also tried to make it more explicit that application frameworks like
Django that can make more assumptions about their use cases can easily
prevent the BlockingIOError from ever coming up by calling
secrets.wait_for_system_rng() when it's available.

Most of the other changes were clearing out references to things that
have already been handled outside the PEP process (i.e. agreeing that
os.getrandom() is useful to expose as a platform feature, agreeing
that SipHash initialisation and random module initialisation shouldn't
wait for the system RNG)

Cheers,
Nick.

-- 
Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
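
The "backwards compatibility dance" and the framework start-up call described in the message above, as an added example that is not part of the original thread or of the PEP text. The helper names are hypothetical, and secrets.wait_for_system_rng() is the PEP 522 proposal from the thread, so the code probes for it rather than assuming it exists.

```python
import os

try:
    import secrets  # standard library from Python 3.6
except ImportError:  # older interpreters: only os.urandom is available
    secrets = None


def token_bytes(nbytes=32):
    """Return nbytes of OS-provided randomness.

    Prefers secrets.token_bytes and falls back to os.urandom when the
    secrets module is missing.
    """
    if secrets is not None:
        return secrets.token_bytes(nbytes)
    return os.urandom(nbytes)


def wait_for_system_rng_if_available(module=secrets):
    """Framework start-up hook (hypothetical helper).

    Calls module.wait_for_system_rng() when that function exists.
    The name is the PEP 522 proposal; it is probed for, not assumed.
    Returns True if the wait was performed, False otherwise.
    """
    waiter = getattr(module, "wait_for_system_rng", None)
    if waiter is None:
        return False
    waiter()
    return True


if __name__ == "__main__":
    # Wait once at start-up if the interpreter offers it, then draw a token.
    wait_for_system_rng_if_available()
    print(token_bytes(16).hex())
```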