[issue9123] insecure os.urandom on VMS

STINNER Victor Fri, 13 Apr 2012 02:58:43 -0700

STINNER Victor <victor.stin...@gmail.com> added the comment:

> This issue is a security vulnerability.


I disagree, it's just an issue of a comment in the C code. The Python 
documentation doesn't guarantee that os.urandom() is cryptographic.

Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random 
numbers.

By the way, VMS is no more supported in Python 3.3, see the PEP 11:

    Name:             VMS
    Unsupported in:   Python 3.3
    Code removed in:  Python 3.4

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9123>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9123] insecure os.urandom on VMS

Reply via email to