Message 217366 - Python tracker

Message217366

Author	neologix
Recipients	alex, benjamin.peterson, christian.heimes, dstufft, giampaolo.rodola, janssen, josh.r, ncoghlan, neologix, tshepang
Date	2014-04-28.11:51:11
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAH_1eM2a_SizNXx=G9L6g1Rm+o=vcw5vrWMwtnZUCDkiGSnXMQ@mail.gmail.com>
In-reply-to	<1398684077.46.0.486877556167.issue21305@psf.upfronthosting.co.za>

Content
> "Depleting" /dev/urandom isn't actually a thing. /dev/urandom on all modern *nix OSs uses a fast PRNG which is secure as long as it has received enough bytes of initial entropy. I didn't say "deplete /dev/urandom", I said that when reading from /dev/urandom "you're depleting your entropy pool". So reading from /dev/urandom won't block, but it can starve processes that read from /dev/random, and that's a problem. See https://groups.google.com/forum/#!msg/fa.linux.kernel/Ocl01d8TzT0/KDCon2ZUm1AJ I think since 2.6 Linux uses two different entropy pools for /dev/random and /dev/urandom, but that might not be true for every OS.

Content

> "Depleting" /dev/urandom isn't actually a thing. /dev/urandom on all modern *nix OSs uses a fast PRNG which is secure as long as it has received enough bytes of initial entropy.

I didn't say "deplete /dev/urandom", I said that when reading from
/dev/urandom "you're depleting your entropy pool". So reading from
/dev/urandom won't block, but it can starve processes that read from
/dev/random, and that's a problem.

See https://groups.google.com/forum/#!msg/fa.linux.kernel/Ocl01d8TzT0/KDCon2ZUm1AJ

I think since 2.6 Linux uses two different entropy pools for
/dev/random and /dev/urandom, but that might not be true for every OS.

History
Date	User	Action	Args
2014-04-28 11:51:11	neologix	set	recipients: + neologix, ncoghlan, janssen, giampaolo.rodola, christian.heimes, benjamin.peterson, alex, tshepang, dstufft, josh.r
2014-04-28 11:51:11	neologix	link	issue21305 messages
2014-04-28 11:51:11	neologix	create