From 063e515e780c241ddac755b0b9a2414316d983f5 Mon Sep 17 00:00:00 2001
From: Ivan Kolodyazhny <e0ne@e0ne.info>
Date: Wed, 9 Jul 2014 19:08:18 +0300
Subject: [PATCH] Use PyCrypto to generate randomness passwords

Standard random generator is not secure enouph. Use PyCrypto instead.
Updated requirements.txt with pycrypto>=2.6 according to
global-requirements

Change-Id: I38fd47a30893a946de30fad95c57759781312be6
Closes: bug #1319639
---
 cinder/utils.py  | 12 +++++-------
 requirements.txt |  1 +
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/cinder/utils.py b/cinder/utils.py
index b03ed354e..d3fb33df2 100644
--- a/cinder/utils.py
+++ b/cinder/utils.py
@@ -24,13 +24,13 @@ import hashlib
 import inspect
 import os
 import pyclbr
-import random
 import re
 import shutil
 import stat
 import sys
 import tempfile
 
+from Crypto.Random import random
 from eventlet import pools
 from oslo.config import cfg
 import paramiko
@@ -381,26 +381,24 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS):
     Believed to be reasonably secure (with a reasonable password length!)
 
     """
-    r = random.SystemRandom()
-
     # NOTE(jerdfelt): Some password policies require at least one character
     # from each group of symbols, so start off with one random character
     # from each symbol group
-    password = [r.choice(s) for s in symbolgroups]
+    password = [random.choice(s) for s in symbolgroups]
     # If length < len(symbolgroups), the leading characters will only
     # be from the first length groups. Try our best to not be predictable
     # by shuffling and then truncating.
-    r.shuffle(password)
+    random.shuffle(password)
     password = password[:length]
     length -= len(password)
 
     # then fill with random characters from all symbol groups
     symbols = ''.join(symbolgroups)
-    password.extend([r.choice(symbols) for _i in xrange(length)])
+    password.extend([random.choice(symbols) for _i in xrange(length)])
 
     # finally shuffle to ensure first x characters aren't from a
     # predictable group
-    r.shuffle(password)
+    random.shuffle(password)
 
     return ''.join(password)
 
diff --git a/requirements.txt b/requirements.txt
index f2d7e5f09..4089d6a46 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,6 +14,7 @@ oslo.rootwrap
 paramiko>=1.13.0
 Paste
 PasteDeploy>=1.5.0
+pycrypto>=2.6
 python-glanceclient>=0.13.1
 python-keystoneclient>=0.9.0
 python-novaclient>=2.17.0
-- 
2.45.2