Random: Improve the comment attached to _UserFriendlyRNG#_check_pid

author: Dwayne C. Litzenberger <dlitz@dlitz.net> 2009-08-28 12:22:27 -0400
committer: Dwayne C. Litzenberger <dlitz@dlitz.net> 2009-08-28 12:27:52 -0400
commit: 02e3976a18bb08e13464184b702ddeebd5c8b74b (patch)
tree: fe14bd6bf46fdc2d55d6247e66de1eeab72b3a56
parent: 5236ec3b7fa1204a36bd5aebd880b9468c961e9e (diff)
download: pycrypto-02e3976a18bb08e13464184b702ddeebd5c8b74b.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/Crypto/Random/_UserFriendlyRNG.py b/lib/Crypto/Random/_UserFriendlyRNG.py
index 58b2246..fd40e96 100644
--- a/lib/Crypto/Random/_UserFriendlyRNG.py
+++ b/lib/Crypto/Random/_UserFriendlyRNG.py
@@ -123,7 +123,15 @@ class _UserFriendlyRNG(object):
         return retval
 
     def _check_pid(self):
-        # Lame fork detection to remind the user not to use the same PRNG between forked processes.
+        # Lame fork detection to remind developers to invoke Random.atfork()
+        # after every call to os.fork().  Note that this check is not reliable,
+        # since process IDs can be reused on most operating systems.
+        #
+        # You need to do Random.atfork() in the child process after every call
+        # to os.fork() to avoid reusing PRNG state.  If you want to avoid
+        # leaking PRNG state to child processes (for example, if you are using
+        # os.setuid()) then you should also invoke Random.atfork() in the
+        # *parent* process.
         if os.getpid() != self._pid:
             raise AssertionError("PID check failed. RNG must be re-initialized after fork(). Hint: Try Random.atfork()")
author	Dwayne C. Litzenberger <dlitz@dlitz.net>	2009-08-28 12:22:27 -0400
committer	Dwayne C. Litzenberger <dlitz@dlitz.net>	2009-08-28 12:27:52 -0400
commit	02e3976a18bb08e13464184b702ddeebd5c8b74b (patch)
tree	fe14bd6bf46fdc2d55d6247e66de1eeab72b3a56
parent	5236ec3b7fa1204a36bd5aebd880b9468c961e9e (diff)
download	pycrypto-02e3976a18bb08e13464184b702ddeebd5c8b74b.tar.gz