Donald Stufft writes:
> I guess one question would be, what does the secrets module do if
> it’s on a Linux that is too old to have getrandom(0), off the top
> of my head I can think of:
>
> * Silently fall back to reading os.urandom and hope that it’s been
> seeded.
> * Fall back to os.urandom and hope that it’s been seeded and add a
> SecurityWarning or something like it to mention that it’s
> falling back to os.urandom and it may be getting predictable
> random from /dev/urandom.
> * Hard fail because it can’t guarantee secure cryptographic
> random.
I'm going to hide behind the Linux manpage (which actually suggests
saving the data in a file to speed initialization at boot) in
mentioning this:
* if random_initialized_timestamp_pre_boot():
r = open("/dev/random", "rb")
u = open("/dev/urandom", "wb")
u.write(r.read(enough_bytes))
set_random_initialized_timestamp()
# in theory, secrets can now use os.urandom
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4