Roundup Tracker - Issues


Author cmeerw
Recipients cmeerw
Date 2018-08-02.20:25:13
Message-id <>
When SystemRandom is not available, we try to

  from random import random

and then use "random.random()" - but this fails as we have only 
imported the random function, not the module.

In we use os.urandom (for SSHA) without checking if it is 

The places where we reseed the random number generator seem to be a 
bit, well, random. We should probably only reseed after forking, i.e. 
in ForkingServer (

And finally, Python 3.6 provides a secrets module - we should probably 
use that, if available, and fall back to SystemRandom/os.urandom and 
finally just the random module.

patch as basis for discussion:
Date User Action Args
2018-08-02 20:25:14cmeerwsetrecipients: + cmeerw
2018-08-02 20:25:14cmeerwsetmessageid: <>
2018-08-02 20:25:14cmeerwlinkissue2550988 messages
2018-08-02 20:25:13cmeerwcreate