[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
Sebastian Krause
sebastian at realpath.org
Fri Jun 10 13:01:23 EDT 2016
More information about the Python-Dev mailing list
Fri Jun 10 13:01:23 EDT 2016
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Guido van Rossum <guido at python.org> wrote: > I just don't like the potentially blocking behavior, and experts' opinions > seem to widely vary on how insecure the fallback bits really are, how > likely you are to find yourself in that situation, and how probable an > exploit would be. This is not just a theoretical problem being discussed by security experts that *could* be exploited, there have already been multiple real-life cases of devices (mostly embedded Linux machines) generating predicatable SSH keys because they read from an uninitialized /dev/urandom at first boot. Most recently in the Raspbian distribution for the Raspberry Pi: https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892 At least in 3.6 there should be obvious way to get random data that *always* guarantees to be secure and either fails or blocks if it can't guarantee that. Sebastian
- Previous message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Next message (by thread): [Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list