Message 267731 - Python tracker

Message267731

Author	Lukasa
Recipients	Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane
Date	2016-06-07.19:12:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1465326720.96.0.220308713091.issue26839@psf.upfronthosting.co.za>
In-reply-to

Content
> Python hash randomization only happens once. So it's not a matter of how early we try the attack, it's a matter of how early we seed Python hash randomization. Sorry Larry, I was insufficiently clear (relying on context from earlier). I totally agree that Python startup should not block. I'm saying that having getrandom() called in "blocking mode" for os.urandom, random.SystemRandom, and secrets is not a DoS vector.

Content

> Python hash randomization only happens once.  So it's not a matter of how early we try the attack, it's a matter of how early we seed Python hash randomization.

Sorry Larry, I was insufficiently clear (relying on context from earlier). I totally agree that Python startup should not block. I'm saying that having getrandom() called in "blocking mode" for os.urandom, random.SystemRandom, and secrets is not a DoS vector.

History
Date	User	Action	Args
2016-06-07 19:12:01	Lukasa	set	recipients: + Lukasa, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, thomas-petazzoni, Colm Buckley
2016-06-07 19:12:00	Lukasa	set	messageid: <1465326720.96.0.220308713091.issue26839@psf.upfronthosting.co.za>
2016-06-07 19:12:00	Lukasa	link	issue26839 messages
2016-06-07 19:12:00	Lukasa	create