changeset 5216:3e81e6534cad stable

auth: make random password generator more random Use the secure os.urandom instead of the pseudo-random 'random' module.
author Mads Kiilerich <madski@unity3d.com>
date Tue, 07 Jul 2015 02:09:35 +0200
parents 7eb5bbbfb8dd
children 9a02f9ef28d7
files kallithea/lib/auth.py
diffstat 1 files changed, 9 insertions(+), 9 deletions(-) [+]
--- a/kallithea/lib/auth.py	Fri May 15 18:07:27 2015 +0200
+++ b/kallithea/lib/auth.py	Tue Jul 07 02:09:35 2015 +0200
@@ -26,7 +26,7 @@
 """
 from __future__ import with_statement
 import time
-import random
+import os
 import logging
 import traceback
 import hashlib
@@ -85,14 +85,14 @@
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
 
-    def __init__(self, passwd=''):
-        self.passwd = passwd
-
-    def gen_password(self, length, type_=None):
-        if type_ is None:
-            type_ = self.ALPHABETS_FULL
-        self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
-        return self.passwd
+    def gen_password(self, length, alphabet=ALPHABETS_FULL):
+        assert len(alphabet) <= 256, alphabet
+        l = []
+        while len(l) < length:
+            i = ord(os.urandom(1))
+            if i < len(alphabet):
+                l.append(alphabet[i])
+        return ''.join(l)
 
 
 class KallitheaCrypto(object):
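Review bot: The guard in the new `gen_password` is an `assert`, which is stripped under `python -O`, and it sets no lower bound: an empty `alphabet` with `length > 0` never satisfies `i < len(alphabet)`, so the `while` loop never terminates. An explicit check such as `if not 0 < len(alphabet) <= 256: raise ValueError('alphabet must have 1..256 characters')` fails fast in both cases. The rejection sampling keeps the output unbiased, but it costs one `os.urandom(1)` call per attempt, so a 10-character alphabet accepts only about 10 of every 256 draws; reading a larger chunk per call would cut that overhead without introducing modulo bias. The enclosing class starts above the hunk and its callers are not visible here: renaming `type_` to `alphabet` and dropping `__init__` and `self.passwd` would break any caller that passes `type_=`, constructs the generator with an argument, or reads `.passwd`, so those uses are worth checking.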