On 06/09/2016 03:22 PM, Larry Hastings wrote: > > On 06/09/2016 08:52 AM, Guido van Rossum wrote: >> That leaves direct calls to os.urandom(). I don't think this should >> block either. > > Then it's you and me against the rest of the world ;-) > > > Okay, it's decided: os.urandom() must be changed for 3.5.2 to never > block on a getrandom() call. One way to not block is to raise an exception. Since this is such a rare occurrence anyway I don't see this being a problem, plus it keeps everybody mostly happy: normal users won't see it hang, crypto-folk won't see vulnerable-from-this-cause-by-default machines, and those running Python early in the boot sequence will have something they can figure out, plus an existing knob to work around it [hashseed, I think?]. > As a concession to [the crypto experts], I propose adding a simple! > predictable! function to Python 3.5.2: os.getrandom(). This would be unnecessary if we go the exception route. > And the implementation of os.getrandom() should be > very straightforward, and its semantics will mirror the native call, so > I'm pretty confident we can get it solid in a couple of days, though we > might slip 3.5.2rc1 by a day or two. I would think the exception route would also not take very long to make solid. Okay, I'll shut up now. ;) -- ~Ethan~
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4