Improve the default seeding in random module to use 32 bytes of entropy when available.

author Raymond Hettinger <python@rcn.com>

Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)

committer Raymond Hettinger <python@rcn.com>

Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)
author Raymond Hettinger <python@rcn.com>
Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)
committer Raymond Hettinger <python@rcn.com>
Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)
diff --git a/Lib/random.py b/Lib/random.py

index 1a3a13ee862309618505a271f6a9beecc20cd63d..2f2f0915e2ef1fb293a814baaa082fb53c971b40 100644 (file)
--- a/Lib/random.py
+++ b/Lib/random.py
@@ -108,7 +108,7 @@ class Random(_random.Random):
  
          if a is None:
              try:
-                a = long(_hexlify(_urandom(16)), 16)
+                a = long(_hexlify(_urandom(32)), 16)
              except NotImplementedError:
                  import time
                  a = long(time.time() * 256) # use fractional seconds
diff --git a/Misc/NEWS b/Misc/NEWS

index 635c33b5719513e9dc1f76aa3a2456690cae1e2e..e974ee442dca29f6e45e8b69019973864f8fc333 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,10 @@ Library
    as documented.  The pattern and source keyword parameters are left as
    deprecated aliases.
  
+- Improve the random module's default seeding to use 256 bits of entropy
+  from os.urandom().  This was already done for Python 3, mildly improving
+  security with a bigger seed space.
+
  - Issue #15618: Make turtle.py compatible with 'from __future__ import
    unicode_literals'.  Initial patch by Juancarlo Añez.
author	Raymond Hettinger <python@rcn.com>
	Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)
committer	Raymond Hettinger <python@rcn.com>
	Sat, 8 Mar 2014 17:56:08 +0000 (09:56 -0800)
Lib/random.py		patch \| blob \| history
Misc/NEWS		patch \| blob \| history