Home Original page

Message 195254 - Python tracker

Message195254

Author pitrou
Recipients christian.heimes, neologix, pitrou, sbt, vstinner
Date 2013-08-15.13:14:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1376572446.01.0.829855118908.issue18747@psf.upfronthosting.co.za>
In-reply-to
Content 
> Python doesn't have a builtin PRNG.

Of course it does. It's in the random module, and you can seed() it:

>>> random.seed(5)
>>> random.random()
0.6229016948897019
>>> random.random()
0.7417869892607294
>>> random.seed(5)
>>> random.random()
0.6229016948897019

See e.g. issue12856. And the multiprocessing module:
http://hg.python.org/cpython/file/92039fb68483/Lib/multiprocessing/forkserver.py#l195

> We use the OS's CPRNG such as /dev/urandom or CryptGenRandom().

"We"?

> It's not only multiprocessing. What about forking webservers etc.
> that use HTTPS?

Well, are they affected? I haven't understood your previous answer.
("OpenSSL uses its own PRNG to create (amongst others) session keys for SSL connections")

Note that it seems debatable whether it's an OpenSSL bug:
http://www.openwall.com/lists/oss-security/2013/04/12/3
History
Date User Action Args
2013-08-15 13:14:06pitrousetrecipients: + pitrou, vstinner, christian.heimes, neologix, sbt
2013-08-15 13:14:06pitrousetmessageid: <1376572446.01.0.829855118908.issue18747@psf.upfronthosting.co.za>
2013-08-15 13:14:05pitroulinkissue18747 messages
2013-08-15 13:14:05pitroucreate