[Twisted-Python] Importing twisted.names.client blocks

Ralf Schmitt ralf at brainbot.com
Tue Jan 25 09:59:40 EST 2005


I started testing a program today which imported twisted.names.client. 
On every second run, the program didn't return from the import and hung 
for some time (until I pressed some key, strange...). Turns out, that I 
don't have Crypto installed and twisted.protocol.dns then tries to read 
2 bytes from
/dev/random, /dev/srandom, and /dev/urandom (in that order, until first 
success) in order to determine a random source. If it succeeds with one 
of those devices, it will also use that method later to read a random 
The man page for urandom (on linux+fbsd) tells me that /dev/random is 
for 'uses that need very high quality randomness such as one-time pad 
or key generation' and that reads to /dev/random will block when the 
entropy pool is empty.
In contrast /dev/urandom will not block, but its output may be analyzed 
by an attacker ('Knowledge of how to do this is not available in the 
current non-classified literature'...but then that linux man page is 
very old...).
I suggest that the usage of /dev/random should be stopped. If it doesn't 
bite you on import, it will do so later, when you're doing lots of dns 
requests (a coworker of mine had written an http crawler and told me that 
it started getting slower after 3 hours or so, guess that was the time 
when /dev/random ran out of entropy). After all, when none of those 
devices is available, the code will also fall back to using random.randint.

- Ralf
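The probe sequence the post describes (try /dev/random, /dev/srandom, /dev/urandom in turn, read two bytes, fall back to random.randint if none works) is easy to reproduce, and the following added example shows one way to do it so the probe can never hang. This is my own illustration, not code from the original post and not Twisted's own implementation; the device order is taken from the post's prose, the module and function names (RandomSource, probe_device, pick_random_source) are mine, and the default order puts /dev/urandom first as the post argues. Every device is opened with O_NONBLOCK, so a drained pool on a blocking-style device yields EAGAIN and is skipped instead of stalling the import or a later DNS query.

```python
import errno
import os
import random
import struct

# Probe order as described in the post (assumption: reconstructed from the
# post's prose, not copied from Twisted's own source).
POST_ORDER = ("/dev/random", "/dev/srandom", "/dev/urandom")
# Order that cannot stall on an empty entropy pool, as the post argues for.
NONBLOCKING_ORDER = ("/dev/urandom", "/dev/srandom")


class RandomSource:
    """16-bit random values (e.g. DNS transaction IDs) from a device fd,
    or from random.randint when no usable device was found."""

    def __init__(self, name, fd=None):
        self.name = name          # device path, or "random.randint"
        self.fd = fd

    def next_u16(self):
        if self.fd is None:
            return random.randint(0, 0xFFFF)
        try:
            data = os.read(self.fd, 2)
        except OSError as e:
            if e.errno in (errno.EAGAIN, errno.EWOULDBLOCK):
                # Pool drained on a blocking-style device (the post's 3-hour
                # crawler slowdown): degrade to the PRNG instead of hanging.
                return random.randint(0, 0xFFFF)
            raise
        if len(data) != 2:
            return random.randint(0, 0xFFFF)
        return struct.unpack("!H", data)[0]

    def close(self):
        if self.fd is not None:
            os.close(self.fd)
            self.fd = None


def probe_device(path):
    """Open `path` with O_NONBLOCK and attempt a 2-byte read.
    Returns the fd on success; None if the device is missing, is not
    readable (e.g. a directory or /dev/null), or has no entropy right now."""
    flags = os.O_RDONLY | getattr(os, "O_NONBLOCK", 0)
    try:
        fd = os.open(path, flags)
    except OSError:
        return None
    try:
        data = os.read(fd, 2)
    except OSError:
        os.close(fd)
        return None
    if len(data) != 2:
        os.close(fd)
        return None
    return fd


def pick_random_source(candidates=NONBLOCKING_ORDER):
    """First candidate that answers a non-blocking 2-byte read wins;
    otherwise fall back to random.randint, as the post says Twisted does."""
    for path in candidates:
        fd = probe_device(path)
        if fd is not None:
            return RandomSource(path, fd)
    return RandomSource("random.randint")


if __name__ == "__main__":
    src = pick_random_source()
    print("using", src.name, "->", [src.next_u16() for _ in range(4)])
    src.close()
```

Running it with POST_ORDER instead of the default reproduces the original preference for /dev/random, but because the fd is non-blocking the worst case is a skipped device rather than a hung import. Note that on Linux since kernel 5.6 /dev/random no longer blocks once the pool has been initialised, so the symptom in the post is specific to older kernels and to BSDs that still implement a blocking /dev/random.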

