Mercurial > kallithea
changeset 5216:3e81e6534cad stable
auth: make random password generator more random
Use the secure os.urandom instead of the pseudo-random 'random' module.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Tue, 07 Jul 2015 02:09:35 +0200 |
parents | 7eb5bbbfb8dd |
children | 9a02f9ef28d7 |
files | kallithea/lib/auth.py |
diffstat | 1 files changed, 9 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth.py Fri May 15 18:07:27 2015 +0200 +++ b/kallithea/lib/auth.py Tue Jul 07 02:09:35 2015 +0200 @@ -26,7 +26,7 @@ """ from __future__ import with_statement import time -import random +import os import logging import traceback import hashlib @@ -85,14 +85,14 @@ ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM - def __init__(self, passwd=''): - self.passwd = passwd - - def gen_password(self, length, type_=None): - if type_ is None: - type_ = self.ALPHABETS_FULL - self.passwd = ''.join([random.choice(type_) for _ in xrange(length)]) - return self.passwd + def gen_password(self, length, alphabet=ALPHABETS_FULL): + assert len(alphabet) <= 256, alphabet + l = [] + while len(l) < length: + i = ord(os.urandom(1)) + if i < len(alphabet): + l.append(alphabet[i]) + return ''.join(l) class KallitheaCrypto(object):