Commit 98c5671d authored by Laurent Bachelier's avatar Laurent Bachelier

Use better random sources if possible

parent 8f379852
import os
from binascii import hexlify
__all__ = ['random', 'armored_random',
'new_user_key', 'new_salt', 'new_secret']
def random(n):
"""
Get random bytes.
Try to use the best random source or fall back to os.urandom.
"""
try:
with open("/dev/random", "r") as randomfd:
bs = b""
while n > len(bs):
bs += randomfd.read(n - len(bs))
return bs
except (OSError, IOError):
return os.urandom(n)
def armored_random(n):
"""
Get a random string with no special characters.
n is the number of source bytes, not the final string length.
"""
return hexlify(random(n))
def new_user_key():
return armored_random(16)
def new_salt():
return armored_random(42)
def new_secret():
"""
Replacement for hexlify(paste.auth.cookie.new_secret())
Must return a string of 128.
"""
return armored_random(64)
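Review bot: The `/dev/random` branch in `random()` does not give stronger output than the `os.urandom(n)` fallback for keys, salts and cookie secrets, since on Linux both come from the same kernel generator. On kernels where `/dev/random` blocks, it can stall whichever caller needs a value: `gen_key`, the password save path, or first-time `cookie_secret` creation. I would drop the `try` block and make the body simply `return os.urandom(n)`. If the device read is kept, open it as `open("/dev/random", "rb", 0)` so there is no text decoding or read-ahead buffering, and stop when `read()` returns an empty string, because `while n > len(bs)` would otherwise never end. `new_user_key` and `new_salt` have no docstrings; one line each giving the source byte count and the hex-encoded length would match `new_secret`.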
......@@ -21,9 +21,8 @@
import posixpath
import re
import os
from binascii import hexlify
from paste import httpserver
from paste.auth.cookie import AuthCookieSigner, new_secret
from paste.auth.cookie import AuthCookieSigner
from paste.fileapp import FileApp as PasteFileApp
from webob import Request, Response
from webob.exc import HTTPError, HTTPFound, HTTPNotFound, HTTPForbidden, \
......@@ -41,6 +40,7 @@ from .template import build_lookup, build_vars
from .users import Anonymous
from .routes import Router
from .filters import quote_url, quote_path
from .security import new_secret
__all__ = ['ViewAction', 'Action', 'Server', 'FileApp']
......@@ -114,7 +114,7 @@ class Context(object):
self.cookie_secret = config.data["web"].get("cookie_secret")
try:
if self.cookie_secret is None:
self.cookie_secret = hexlify(new_secret())
self.cookie_secret = new_secret()
config.data["web"]["cookie_secret"] = self.cookie_secret
config.save()
# store the absolute root url (useful when in CLI)
......
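Review bot: In `Context`, the new `new_secret()` is only reached when `cookie_secret` is `None`, so an installation with a secret already saved in its config keeps the old value. That value came from `paste.auth.cookie.new_secret`, which as far as I know draws from Python's non-cryptographic `random` module, so existing deployments get no benefit from this commit until the secret is rotated. I would add a comment above the `if`, for example `# a secret saved by an older version is kept as-is; remove web/cookie_secret from the config to regenerate (this invalidates existing cookies)`, and mention the rotation in the release notes. The `try:` block starts inside the hunk but continues past its last line, so the error handling around `config.save()` is not visible here.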
......@@ -23,10 +23,10 @@ __all__ = ['Group', 'IUser', 'User', 'Anonymous']
from .obj import IObject
from .mail import Mail
from .security import new_salt, new_user_key
import os
import hashlib
from binascii import hexlify
class Group(object):
......@@ -91,7 +91,7 @@ class User(IUser, IObject):
return mail
def gen_key(self):
self.key = hexlify(os.urandom(16))
self.key = new_user_key()
def _get_confname(self):
return os.path.join('users', self.name)
......@@ -112,7 +112,7 @@ class User(IUser, IObject):
self.data['auth']['key'] = self.key if self.key else None
# only update password when set
if isinstance(self.password, basestring):
salt = hexlify(os.urandom(42))
salt = new_salt()
version = 1
hpwd = self.hash_password(self.password, salt, version)
self.data['auth']['password'] = hpwd
......
from ass2m import security
from unittest import TestCase
class SecurityTest(TestCase):
def test_random(self):
assert len(security.random(42)) > len(security.random(41))
assert len(security.armored_random(42)) > \
len(security.armored_random(41))
# check if it is not the end of the world
assert security.armored_random(42) != \
security.armored_random(42) != \
security.armored_random(42) != \
security.armored_random(42) != \
security.armored_random(42) != \
security.armored_random(42) != \
security.armored_random(42)
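Review bot: `test_random` only checks that a larger `n` gives a longer result and that adjacent samples differ, so a `random()` that returned the wrong number of bytes would still pass. I would pin the exact lengths with `self.assertEqual(len(security.random(42)), 42)`, `self.assertEqual(len(security.armored_random(42)), 84)` and `self.assertEqual(len(security.new_secret()), 128)`. The last one matches the contract stated in the `new_secret` docstring. The test also reads several hundred bytes through the `/dev/random` path, which can hang on a machine with little entropy, and the `os.urandom` fallback branch is never exercised. Using the `TestCase` assertion methods instead of bare `assert` keeps the checks active under `python -O`.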