Donald Stufft added the comment: I will add, /dev/random is not going to *hurt* when generating long lived cryptographic keys (e.g. like your SSH keys) because that's something you're generally going to do once every couple of years and if it takes a few seconds longer because of snake oil then who cares. It's not going matter once /dev/urandom is initialized (of course, it does matter if /dev/urandom hasn't been initialized yet). So it does guard against early on in the boot process in a way that /dev/urandom doesn't (but then, so does getrandom(0)).
It's obviously not acceptable for your webserver to randomly block for seconds at a time trying to generate signing keys for cookies just because of snakeoil though. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27297> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
