Changes between Initial Version and Version 1 of Ticket #4468


Timestamp: 05/31/2010 07:09:18 AM (5 years ago)
Author: exarkun
Comment:

How about other platforms, where there is no /dev/urandom? Does Python automatically make os.urandom use whatever platform-specific random source they provide? How about future platforms which won't provide this? Or a future Linux replacement for /dev/urandom that's completely superior?

Getting rid of the non-cryptographic fallback may be a good idea, but I don't think completely eliminating this module makes sense. It's a good API for centralizing our decisions about which random number generator to use.
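The concern raised in this comment and in the ticket description, as an added example (not Twisted's code and not part of the ticket): a helper that silently falls back to a non-cryptographic generator, next to a single fail-closed entry point. All function and class names are hypothetical, and `broken_source` is a constructed stand-in for a platform where `os.urandom` is unavailable.

```python
import os
import random


class SecureRandomUnavailable(Exception):
    """Raised when no cryptographic random source can be used."""


def _insecure_bytes(nbytes, rng):
    # Mersenne Twister output: predictable once the seed or state is known.
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def random_bytes_with_fallback(nbytes, source=os.urandom, rng=random):
    """The pattern the ticket objects to: silently downgrade on failure."""
    try:
        return source(nbytes)
    except (NotImplementedError, OSError):
        return _insecure_bytes(nbytes, rng)  # caller cannot tell the difference


def random_bytes_strict(nbytes, source=os.urandom):
    """Single choke point for the RNG decision; fails closed."""
    try:
        data = source(nbytes)
    except (NotImplementedError, OSError) as exc:
        raise SecureRandomUnavailable("no secure random source") from exc
    if len(data) != nbytes:
        raise SecureRandomUnavailable("short read from random source")
    return data


def broken_source(nbytes):
    # Constructed stand-in for a platform with no usable OS random source.
    raise NotImplementedError("no OS random source")


def demo():
    # Two processes that end up with the same PRNG seed get the same "key".
    key_a = random_bytes_with_fallback(16, broken_source, random.Random(1234))
    key_b = random_bytes_with_fallback(16, broken_source, random.Random(1234))
    try:
        random_bytes_strict(16, broken_source)
        strict_failed = False
    except SecureRandomUnavailable:
        strict_failed = True
    return key_a == key_b, strict_failed


if __name__ == "__main__":
    print(demo())
```

Swapping the generator later means changing only the default `source` of the strict function, which is the centralization the comment argues for.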

  • Ticket #4468

    • Property Summary changed from twisted.python.randpool to twisted.python.randbytes
  • Ticket #4468 – Description

    initial v1  
    1 [source:twisted/python/randpool.py] doesn't seem to offer a lot of functionality over {{{os.urandom}}}, except for two misfeatures: 
     1[source:twisted/python/randbytes.py] doesn't seem to offer a lot of functionality over {{{os.urandom}}}, except for two misfeatures: 
    22 1. The option of setting {{{fallback=True}}} so that it will automatically fallback to insecure random numbers if it can't generate secure ones. This is a terrible idea that nobody should ever do. Behavior like that is one of the causes of the Debian OpenSSL Fiasco, for example. If anyone has a legitimate use case for this behavior I would be fascinated to hear it. 
    33 2. The option of using PyCrypto's {{{Crypto.Util.randpool}}} if it is present. {{{randpool}}} is deprecated (according to the announcement at the top of http://www.dlitz.net/software/pycrypto/ on this date, which references [http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html this mailing list thread]). I've looked at {{{randpool}}} a bit, and it doesn't offer any advantage over {{{os.urandom}}} that I can see other than the option of falling back to insecure random number generation if it can't generate secure random numbers. {{{randpool}}} also has a lot of other code to do some useless things about estimating entropy, sampling the current clock, and so on. I can't be sure that I understood its source code because that other stuff made it hard to understand the part I was interested in. The latest git version of PyCrypto comes with this warning: "Deprecated.  Use Random.new() instead. See http://www.pycrypto.org/randpool-broken". However that link gives me a 404 Not Found.