From 4c150e0bd2707b88d41d1dec5321b25848f97ac7 Mon Sep 17 00:00:00 2001
From: Raymond Hettinger
Date: Sat, 8 Mar 2014 09:56:08 -0800
Subject: [PATCH] Improve the default seeding in random module to use 32 bytes of entropy when available.
---
 Lib/random.py | 2 +-
 Misc/NEWS | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Lib/random.py b/Lib/random.py
index 1a3a13ee86..2f2f0915e2 100644
--- a/Lib/random.py
+++ b/Lib/random.py
@@ -108,7 +108,7 @@ class Random(_random.Random):
 if a is None:
 try:
- a = long(_hexlify(_urandom(16)), 16)
+ a = long(_hexlify(_urandom(32)), 16)
 except NotImplementedError:
 import time
 a = long(time.time() * 256) # use fractional seconds
diff --git a/Misc/NEWS b/Misc/NEWS
index 635c33b571..e974ee442d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,10 @@ Library
 as documented. The pattern and source keyword parameters are left as deprecated aliases.
+- Improve the random module's default seeding to use 256 bits of entropy
+ from os.urandom(). This was already done for Python 3, mildly improving
+ security with a bigger seed space.
+
 - Issue #15618: Make turtle.py compatible with 'from __future__ import unicode_literals'. Initial patch by Juancarlo Añez.
--
2.50.1
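Review bot: The `except NotImplementedError` fallback in the Lib/random.py hunk still seeds from `long(time.time() * 256)`, so the 256-bit seed space holds only when `_urandom` is available; on the fallback path the seed is bounded by how closely the start time can be estimated. I would say so next to the fallback, e.g. `# fallback seed is clock-derived and guessable; never rely on it for secrets`. The NEWS phrase "mildly improving security" could also be read as endorsing the module for secrets, although a larger seed does not make this generator's output suitable for keys or tokens; the entry could point readers to `os.urandom()` for those. The enclosing method starts and ends outside the hunk.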