[pycrypto] Run test suite with /dev/random

Dwayne C. Litzenberger dlitz at dlitz.net
Fri Jan 13 10:07:51 CST 2012


On Mon, Jan 02, 2012 at 05:08:32AM +0100, Sebastian Ramacher wrote:
>I'm facing the following issue: in the Debian package of pycrypto we build
>pycrypto for Python 2.6, 2.7 and 3.1 and the debug variants. For all these
>versions and variants the test suite is run during the build. This works fine
>except on the GNU/Hurd build system [1]. There the test suite succeeds for Py
>2.6, 2.7 but fails for Py 3.2 because the system runs out of entropy.
>
>I see two options to fix the issue on the Debian side:
>
> * Disable the test suite on GNU/Hurd.
> * Replace every occurrence of /dev/urandom with /dev/random and run the 
> test suite with /dev/random.
>
>I don't like either of these two options. I'd rather prefer an option to 
>specify the random number generator that should be used for the test 
>suite.  But before implementing such an option I'd like to know if this 
>has any chance to be accepted into pycrypto.

Not likely.  This looks like a HURD bug that should be fixed in HURD.

Historically, /dev/random and /dev/urandom were OS-specific, but as far as 
I'm aware, all of the other modern Unix-like systems have converged on one 
de-facto standard:

- /dev/urandom always returns as many cryptographically-secure random bytes 
   as you request

- /dev/random either behaves exactly like /dev/urandom, or it does "entropy 
   estimation" (which is silly, IMHO) and blocks whenever the estimate 
   reaches zero.

Notably, /dev/urandom behaves exactly the same on every system where it 
exists---except, apparently, on HURD.  What good reason could there 
possibly be for HURD to be incompatible here?  Why should all *nix 
developers have to write a HURD-specific protocol switch in their 
applications?

I'm not interested in patches that encourage such madness.  It would better 
for you to spend your effort fixing HURD's /dev/urandom implementation.

Cheers,
- Dwayne

-- 
Dwayne C. Litzenberger <dlitz at dlitz.net>
  OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7


More information about the pycrypto mailing list