8000 os.urandom for Pico/RP2040 not supported · Issue #4196 · adafruit/circuitpython · GitHub
[go: up one dir, main page]
Skip to content

os.urandom for Pico/RP2040 not supported #4196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
joelburton opened this issue Feb 13, 2021 · 8 comments · Fixed by #4213
Closed

os.urandom for Pico/RP2040 not supported #4196

joelburton opened this issue Feb 13, 2021 · 8 comments · Fixed by #4213
Labels
enhancement rp2040 Raspberry Pi RP2040
Milestone
Long term

Comments

@joelburton
Copy link

Attempts to use os.urandom(n) on the Pico currently report:

>>> os.urandom(1)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NotImplementedError: No hardware random available

The datasheet for the Pico indicate that the ring oscillator can be used for this (RP2040 datasheet, page 240). They do note that there are potential cryptographic attacks possible on this, but could this still be a considered "random hardware"? There are CircuitPython libraries that require os.urandom().
@ladyada
Copy link
Member
ladyada commented Feb 13, 2021

which library requires os.urandom?

@jepler
Copy link
jepler commented Feb 13, 2021

In the bundle, adafruit_rsa uses os.urandom. In the community bundle, circuitpython_nrf24l01 does. In Learn, CPB_Quick_Draw_Duo (gracefully works around it if it's missing) and CLUE_Rock_Paper_Scissors (advanced version only) do.

@ladyada
Copy link
Member
ladyada commented Feb 13, 2021

@joelburton you cant use random.randint() ?

@joelburton
Copy link
Author
joelburton commented Feb 14, 2021 via email

@ladyada
Copy link
Member
ladyada commented Feb 14, 2021

well tbf i dont know the crypto implications - i am not sure how we seed the pico's RNG. i will leave open but yah maybe can you submit a PR to change RSA lib to use random. instead of os.urandom if it throws an exception?

what are you doing with the pico and RSA anyways? makin a U2F? :)

@joelburton
Copy link
Author
joelburton commented Feb 14, 2021 via email

@ladyada
Copy link
Member
ladyada commented Feb 14, 2021

ahh ok, random.* would be fine for your purposes then! if you submit a PR we will review it and merge

@hierophect hierophect added rp2040 Raspberry Pi RP2040 enhancement labels Feb 16, 2021
@tannewt tannewt added this to the Long term milestone Feb 17, 2021
@tannewt
Copy link
Member
tannewt commented Feb 17, 2021

well tbf i dont know the crypto implications - i am not sure how we seed the pico's RNG. i will leave open but yah maybe can you submit a PR to change RSA lib to use random. instead of os.urandom if it throws an exception?

random will use the time you first call it to seed the pseudo-random number generation if urandom isn't provided. It should NOT be used for cryptography. This true in CPython as well: https://docs.python.org/3/library/random.html Anything that doesn't do cryptography should use random instead of os.urandom because it provides a way to seed the random in cases where we'd want to have fixed behavior for testing.

CPython's secrets module is the right higher level random for cryptography and also the reason we should stop using secrets.py for storing secret information. (Filed #4212 to track it.)

@jepler jepler mentioned this issue Feb 17, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement rp2040 Raspberry Pi RP2040
Projects
None yet
Milestone
Long term
Development

Successfully merging a pull request may close this issue.

raspberrypi: implement os.urandom jepler/circuitpython
5 participants
@tannewt @joelburton @ladyada @jepler @hierophect
0