Message 325966 - Python tracker

Message325966

Author	christian.heimes
Recipients	benjamin.peterson, christian.heimes, miss-islington, vstinner
Date	2018-09-21.06:38:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1537511885.41.0.956365154283.issue34623@psf.upfronthosting.co.za>
In-reply-to

Content
The bug affects multiple platforms. libexpat's expat.h uses slightly different autoconf macro names than pyconfig.h. Therefore only platforms that have either HAVE_GETRANDOM or _WIN32 defined, use a proper CSPRNG to seed the hash salt. Since HAVE_SYSCALL_GETRANDOM, HAVE_ARC4RANDOM_BUF, HAVE_ARC4RANDOM, or XML_DEV_URANDOM are never defined by Python's pyconfig.h, older Linux platforms, any BSD, and any other Unix platform with /dev/urandom fall back to a weak Mersenne Twister-like RNG with gettimeofday().tv_usec and getpid() as seed.

Content

The bug affects multiple platforms. libexpat's expat.h uses slightly different autoconf macro names than pyconfig.h. Therefore only platforms that have either HAVE_GETRANDOM or _WIN32 defined, use a proper CSPRNG to seed the hash salt.

Since HAVE_SYSCALL_GETRANDOM, HAVE_ARC4RANDOM_BUF, HAVE_ARC4RANDOM, or XML_DEV_URANDOM are never defined by Python's pyconfig.h, older Linux platforms, any BSD, and any other Unix platform with /dev/urandom fall back to a weak Mersenne Twister-like RNG with gettimeofday().tv_usec and getpid() as seed.

History
Date	User	Action	Args
2018-09-21 06:38:05	christian.heimes	set	recipients: + christian.heimes, vstinner, benjamin.peterson, miss-islington
2018-09-21 06:38:05	christian.heimes	set	messageid: <1537511885.41.0.956365154283.issue34623@psf.upfronthosting.co.za>
2018-09-21 06:38:05	christian.heimes	link	issue34623 messages
2018-09-21 06:38:05	christian.heimes	create