STINNER Victor added the comment: IMHO "Should os.urandom() block before the kernel collected enough entropy?" is the last major question in the large discussion around random: https://haypo-notes.readthedocs.io/pep_random.html#os-urandom
It became clear that Python at startup should use a weak entropy if high-quality entropy is not available (read would block): https://haypo-notes.readthedocs.io/pep_random.html#python-startup So Python startup should no more be impacted if os.urandom() blocks or not. In this case, I'm in favor of making os.urandom() the most secure as possible: block until the kernel collected enough entropy. I'm in favor in the issue #27266 instead of this one. If it is not possible to agree on a solution, I fear that a PEP will be required. I hope that once people understood that the Python startup issue is (no more) unrelated to the behaviour of os.urandom() (block or not), most people will be in favor of making os.urandom() as secure as possible. See also https://haypo-notes.readthedocs.io/pep_random.html : my summary of the issue #26839. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27250> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
