On Tue, 23 Feb 2016 06:32 am, Marko Rauhamaa wrote:
> Jon Ribbens <jon+use...@unequivocal.co.uk>:
>
>> Suppose you had code like this:
>>
>> filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>>
>> Do we really think that is insecure or that there are any practical
>> attacks against it? It would be basically the same as saying that
>> urandom() is broken, surely?
>
> urandom() is not quite random and so should not be considered
> cryptographically airtight.
>
> Under Linux, /dev/random is the way to go when strong security is
> needed. Note that /dev/random is a scarce resource on ordinary systems.
That's actually incorrect, but you're not the only one to have been mislead
by the man pages.
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
On non-Linux Unixes, the difference between urandom and random is mostly, or
entirely, gone, in favour of urandom's non-blocking behaviour. And it's a
myth that the output of random is "more random" or "more pure" than
urandom's. In reality, on Linux both urandom and random use exactly the
same CSPRNG.
See also:
http://www.2uo.de/myths-about-urandom/
for a good explanation of how random and urandom actually work on Linux.
--
Steven
--
https://mail.python.org/mailman/listinfo/python-list
