Opened 8 years ago
Closed 8 years ago
#4468 enhancement closed fixed (fixed)
twisted.python.randbytes
| Reported by: | zooko | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | core | Keywords: | security |
| Cc: | zooko, zooko@…, Thijs Triemstra | Branch: |
branches/randbytes-without-pycrypto-4468
branch-diff, diff-cov, branch-cov, buildbot |
| Author: | exarkun |
Description (last modified by )
[source:twisted/python/randbytes.py] doesn't seem to offer a lot of functionality over os.urandom, except for two misfeatures:
- The option of setting
fallback=Trueso that it will automatically fallback to insecure random numbers if it can't generate secure ones. This is a terrible idea that nobody should ever do. Behavior like that is one of the causes of the Debian OpenSSL Fiasco, for example. If anyone has a legitimate use case for this behavior I would be fascinated to hear it. - The option of using PyCrypto's
Crypto.Util.randpoolif it is present.randpoolis deprecated (according to the announcement at the top of http://www.dlitz.net/software/pycrypto/ on this date, which references this mailing list thread). I've looked atrandpoola bit, and it doesn't offer any advantage overos.urandomthat I can see other than the option of falling back to insecure random number generation if it can't generate secure random numbers.randpoolalso has a lot of other code to do some useless things about estimating entropy, sampling the current clock, and so on. I can't be sure that I understood its source code because that other stuff made it hard to understand the part I was interested in. The latest git version of PyCrypto comes with this warning: "Deprecated. Use Random.new() instead. See http://www.pycrypto.org/randpool-broken". However that link gives me a 404 Not Found.
I suspect both of these modules predate the os.urandom module that was introduced in Python 2.4. Now that Twisted no longer supports Python 2.3, perhaps the time has come to deprecate twisted.python.randbytes in favor of os.urandom.
Change History (11)
comment:1 follow-up: 3 Changed 8 years ago by
| Description: | modified (diff) |
|---|---|
| Summary: | twisted.python.randpool → twisted.python.randbytes |
comment:2 Changed 8 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Feel free to re-open (or open another more specific ticket) if you have further comments.
comment:3 Changed 8 years ago by
| Cc: | Thijs Triemstra added |
|---|---|
| Resolution: | invalid |
| Status: | closed → reopened |
Replying to exarkun:
How about other platforms, where there is no /dev/urandom?
From the docs: "If a randomness source is not found, NotImplementedError will be raised."
Does Python automatically make
os.urandomuse whatever platform-specific random source they provide?
"On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom."
How about future platforms which won't provide this? Or a future Linux replacement for /dev/urandom that's completely superior?
Getting rid of the non-cryptographic fallback may be a good idea, but I don't think completely eliminating this module makes sense. It's a good API for centralizing our decisions about which random number generator to use.
I think we should get rid of the fallback and switch to os.urandom, and if that throws a NotImplementedError fallback to Random.new()?
comment:4 Changed 8 years ago by
I think we should get rid of the fallback and switch to os.urandom, and if that throws a NotImplementedError fallback to Random.new()?
Half of zooko's complaint seems to be that Crypto.Util.randpool shouldn't be used at all, so that fallback probably doesn't make sense.
So, specifically, it sounds like we should drop the use of PyCrypto entirely and then this ticket will be resolved.
We could also remove the /dev/urandom support code, but why should we bother?
comment:5 Changed 8 years ago by
| Owner: | changed from Glyph to zooko |
|---|---|
| Status: | reopened → new |
For what it's worth, you have to specifically pass fallback to say "I don't care, for this application". Perhaps calling the method secureRandom is misleading, but you can use it for a networked dice-roller or something, so you can run it on your NetBSD set-top box, it's obviously not intended for crypto math. None of the crypto functions in Twisted use that argument.
I officially do not care about the outcome of this ticket though, because for almost all users on almost all platforms, it already uses os.urandom. I agree with exarkun that it is a good place to centralize decisions about random number generation, but since os.urandom itself seems to be doing an okay job of doing that, I won't shed a tear if it goes away either.
comment:6 Changed 8 years ago by
| Author: | → exarkun |
|---|---|
| Branch: | → branches/randbytes-without-pycrypto-4468 |
(In [29376]) Branching to 'randbytes-without-pycrypto-4468'
comment:7 Changed 8 years ago by
| Keywords: | review added |
|---|---|
| Owner: | zooko deleted |
comment:9 Changed 8 years ago by
| Keywords: | review removed |
|---|---|
| Owner: | set to Jean-Paul Calderone |
Pyflakes reports sys as an unused import in test_randbytes, but other than that it looks good to merge.
comment:10 Changed 8 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:11 Changed 8 years ago by
| Owner: | Jean-Paul Calderone deleted |
|---|
How about other platforms, where there is no /dev/urandom? Does Python automatically make
os.urandomuse whatever platform-specific random source they provide? How about future platforms which won't provide this? Or a future Linux replacement for /dev/urandom that's completely superior?Getting rid of the non-cryptographic fallback may be a good idea, but I don't think completely eliminating this module makes sense. It's a good API for centralizing our decisions about which random number generator to use.