]> review.fuel-infra Code Review - openstack-build/cinder-build.git/commitdiff
Code Review / openstack-build / cinder-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: cac7800)
Use PyCrypto to generate randomness passwords
authorIvan Kolodyazhny <e0ne@e0ne.info>
Wed, 9 Jul 2014 16:08:18 +0000 (19:08 +0300)
committerIvan Kolodyazhny <e0ne@e0ne.info>
Wed, 9 Jul 2014 18:08:17 +0000 (21:08 +0300)
Standard random generator is not secure enouph. Use PyCrypto instead.
Updated requirements.txt with pycrypto>=2.6 according to
global-requirements

Change-Id: I38fd47a30893a946de30fad95c57759781312be6
Closes: bug #1319639
cinder/utils.py patch | blob | history
requirements.txt patch | blob | history

diff --git a/cinder/utils.py b/cinder/utils.py
index b03ed354e06511c2f2072283139f24d9ea500e2e..d3fb33df246b738b8c41f4c825eccbc7fc60b73c 100644 (file)
--- a/cinder/utils.py
+++ b/cinder/utils.py
@@ -24,13 +24,13 @@ import hashlib
 import inspect
 import os
 import pyclbr
-import random
 import re
 import shutil
 import stat
 import sys
 import tempfile
 
+from Crypto.Random import random
 from eventlet import pools
 from oslo.config import cfg
 import paramiko
@@ -381,26 +381,24 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
     Believed to be reasonably secure (with a reasonable password length!)
 
     """
-    r = random.SystemRandom()
-
     # NOTE(jerdfelt): Some password policies require at least one character
     # from each group of symbols, so start off with one random character
     # from each symbol group
-    password = [r.choice(s) for s in symbolgroups]
+    password = [random.choice(s) for s in symbolgroups]
     # If length < len(symbolgroups), the leading characters will only
     # be from the first length groups. Try our best to not be predictable
     # by shuffling and then truncating.
-    r.shuffle(password)
+    random.shuffle(password)
     password = password[:length]
     length -= len(password)
 
     # then fill with random characters from all symbol groups
     symbols = ''.join(symbolgroups)
-    password.extend([r.choice(symbols) for _i in xrange(length)])
+    password.extend([random.choice(symbols) for _i in xrange(length)])
 
     # finally shuffle to ensure first x characters aren't from a
     # predictable group
-    r.shuffle(password)
+    random.shuffle(password)
 
     return ''.join(password)
 
diff --git a/requirements.txt b/requirements.txt
index f2d7e5f09f332cb83f2593d30303352001b9fb34..4089d6a46cd88144491947e895a3974cac309fe4 100644 (file)
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,6 +14,7 @@ oslo.rootwrap
 paramiko>=1.13.0
 Paste
 PasteDeploy>=1.5.0
+pycrypto>=2.6
 python-glanceclient>=0.13.1
 python-keystoneclient>=0.9.0
 python-novaclient>=2.17.0