Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2016-June/145248.html below:

[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

• Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
• Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nathaniel Smith <njs <at> pobox.com> writes:
> In practice, your proposal means that ~all existing code that uses
> os.urandom becomes incorrect and should be switched to either secrets
> or random. This is *far* more churn for end-users than Nick's
> proposal.

This should only concern code that a) was specifically written for
3.5.0/3.5.1 and b) implements a serious cryptographic application
in Python.

I think b) is not a good idea anyway due to timing and side channel
attacks and the lack of secure wiping of memory. Such applications
should be written in C, where one does not have to predict the
behavior of multiple layers of abstractions.


Stefan Krah

• Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
• Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4