# HG changeset patch # User Mads Kiilerich # Date 1436227775 -7200 # Node ID 3e81e6534cad077bdd2e652cb6135bd59401d5f2 # Parent 7eb5bbbfb8ddd90907f47c1ae0c653d4b41f396b auth: make random password generator more random Use the secure os.urandom instead of the pseudo-random 'random' module. diff -r 7eb5bbbfb8dd -r 3e81e6534cad kallithea/lib/auth.py --- a/kallithea/lib/auth.py Fri May 15 18:07:27 2015 +0200 +++ b/kallithea/lib/auth.py Tue Jul 07 02:09:35 2015 +0200 @@ -26,7 +26,7 @@ """ from __future__ import with_statement import time -import random +import os import logging import traceback import hashlib @@ -85,14 +85,14 @@ ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM - def __init__(self, passwd=''): - self.passwd = passwd - - def gen_password(self, length, type_=None): - if type_ is None: - type_ = self.ALPHABETS_FULL - self.passwd = ''.join([random.choice(type_) for _ in xrange(length)]) - return self.passwd + def gen_password(self, length, alphabet=ALPHABETS_FULL): + assert len(alphabet) <= 256, alphabet + l = [] + while len(l) < length: + i = ord(os.urandom(1)) + if i < len(alphabet): + l.append(alphabet[i]) + return ''.join(l) class KallitheaCrypto(object):
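Review bot: the `-import random` line in the first hunk is only safe if nothing else in kallithea/lib/auth.py still refers to the `random` module. The patch shows only the use inside `gen_password` being removed, so check the rest of the file for remaining `random.` references before merging, or the first such call will raise NameError at runtime.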
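Review bot: in the second hunk, the `assert len(alphabet) <= 256, alphabet` guard in the new `gen_password` is stripped when Python runs with `-O`, and nothing rejects an empty alphabet, for which `i < len(alphabet)` is never true and the `while len(l) < length` loop never terminates for any positive length. Raise `ValueError` explicitly when `len(alphabet)` is outside 1..256 instead of asserting. The rejection sampling itself is unbiased, but it draws one byte per `os.urandom(1)` call and discards every byte at or above `len(alphabet)`, so an alphabet much shorter than 256 symbols costs many calls per output character; reading a larger buffer per call, or using `random.SystemRandom().choice(alphabet)`, keeps the OS entropy source with less overhead. The hunk also drops `__init__(self, passwd='')` and the `self.passwd` attribute and renames the `type_` keyword to `alphabet`, so callers that pass a constructor argument, read `.passwd`, or pass `type_=` need checking, and the commit message should mention the interface change. Minor: the name `l` is easy to misread as `1`; something like `chars` would be clearer.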