Paul Rubin wrote:
> "Szabolcs Nagy" <[EMAIL PROTECTED]> writes:
>
>>file('/dev/urandom').read(6).encode('base64')
>>(oneliner and without import sa op requested)
>
>
> Nice, though Un*x dependent (os.urandom is supposed to be portable).
Uh oh. I was looking at the Python "SSL" code recently, and
noted that OpenSSL initializes the keys with '/dev/urandom' if
available, and otherwise relies on the caller to seed it with
random data and to check that enough randomness has been input.
But the Python glue code for SSL doesn't seem to have the
machinery to seed SSL with randomness. I suspect that on
platforms without '/dev/urandom', Python's SSL package may
be using the same keys every time. This needs to be looked
at by a crypto expert.
John Nagle
--
http://mail.python.org/mailman/listinfo/python-list
