NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-31 21:06:25 -06:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

[security] generate_secret_key should use a csprng

Browse Source 
Original implementation used a very large seed (2048 bytes) but then performed
encoding using the insecure Mersenne Twister pseudo random number generator.
`random.seed` would actually take a `hash` of the input resulting in a much
smaller keyspace (~63bits) and then biases in the insecure random number
generator could result in more predictable keys than intended.

The new implementation uses the system's cryptographically secure pseudo
random number generator (`os.urandom`) with `512` bits and then does a
straight encoding of that using base64, resulting in ~312 bits entropy.
This commit is contained in:
Tommy Murphy 2017-04-20 17:31:33 -04:00
parent 401357b8cb
commit 72be86794e
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
netbox/generate_secret_key.py
View File

@ -1,8 +1,6 @@
#!/usr/bin/env python #!/usr/bin/env python
# This script will generate a random 50-character string suitable for use as a SECRET_KEY. # This script will generate a random 50-character string suitable for use as a SECRET_KEY.
import os import os
import random import base64
charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*(-_=+)' print(base64.urlsafe_b64encode(os.urandom(64))[:50])
random.seed = (os.urandom(2048))
print(''.join(random.choice(charset) for c in range(50)))