On 17.07.2014 20:34, Paul Rubin wrote: > Could os.urandom() be patched to use the new Linux getrandom() system > call on systems where it is available? Further info: > > http://lists.openwall.net/linux-kernel/2014/07/17/235 > > I've stopped posting to the Python bug tracker because the password > management issues became too annoying. >
The feature will be implemented as soon as the first Linux distribution comes with a kernel version that supports the new syscall. By the way Python 3.4 is not vulnerable to fd exhaustion attack. The interpreter keeps an open file descriptor on /dev/urandom. The wrapper code ensures that the fd is not replaced. -- https://mail.python.org/mailman/listinfo/python-list
