diff --git a/netbox/secrets/models.py b/netbox/secrets/models.py index 2b76e0f5a..7cebb744c 100644 --- a/netbox/secrets/models.py +++ b/netbox/secrets/models.py @@ -302,8 +302,8 @@ class Secret(ChangeLoggedModel, CustomFieldModel): Device; Devices may have multiple Secrets associated with them. A name can optionally be defined along with the ciphertext; this string is stored as plain text in the database. - A Secret can be up to 65,536 bytes (64KB) in length. Each secret string will be padded with random data to a minimum - of 64 bytes during encryption in order to protect short strings from ciphertext analysis. + A Secret can be up to 65,535 bytes (64KB - 1B) in length. Each secret string will be padded with random data to + a minimum of 64 bytes during encryption in order to protect short strings from ciphertext analysis. """ device = models.ForeignKey( to='dcim.Device', @@ -320,7 +320,7 @@ class Secret(ChangeLoggedModel, CustomFieldModel): blank=True ) ciphertext = models.BinaryField( - max_length=65568, # 16B IV + 2B pad length + {62-65550}B padded + max_length=65568, # 128-bit IV + 16-bit pad length + 65535B secret + 15B padding editable=False ) hash = models.CharField( @@ -388,11 +388,7 @@ class Secret(ChangeLoggedModel, CustomFieldModel): else: pad_length = 0 - # Python 2 compatibility - if sys.version_info[0] < 3: - header = chr(len(s) >> 8) + chr(len(s) % 256) - else: - header = bytes([len(s) >> 8]) + bytes([len(s) % 256]) + header = bytes([len(s) >> 8]) + bytes([len(s) % 256]) return header + s + os.urandom(pad_length)
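Review bot: The reworded comment on `max_length=65568` documents the ciphertext layout but does not enforce it. The arithmetic is right (16 + 2 + 65535 + 15 = 65568), yet Django applies a `BinaryField`'s `max_length` only through a validator during model validation, and `save()` does not run that validation. The 65,535-byte limit therefore has to be enforced where the plaintext is padded and encrypted, which this hunk does not show. I would add a short pointer to the comment, for example `# layout only; the 65535B plaintext limit is enforced before encryption`, once that check is confirmed to exist.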
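Review bot: The two-byte length header on the added line can be written as `header = len(s).to_bytes(2, 'big')`, which states the width and byte order directly. It yields the same bytes as `bytes([len(s) >> 8]) + bytes([len(s) % 256])`. Either form raises once `len(s)` exceeds 65535 (`ValueError` from `bytes([...])`, `OverflowError` from `to_bytes`). The start of the function is outside the hunk, so if no length check precedes this line, add an explicit one with a clear message to match the 65,535-byte limit the docstring now states. With the `sys.version_info` branch gone, `import sys` may be unused in this file and can be dropped if nothing else needs it.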