Message6158
When SystemRandom is not available, we try to

    from random import random

and then use "random.random()" - but this fails as we have only
imported the random function, not the module.

In password.py we use os.urandom (for SSHA) without checking if it is
available.

The places where we reseed the random number generator seem to be a
bit, well, random. We should probably only reseed after forking, i.e.
in ForkingServer (roundup_server.py).

And finally, Python 3.6 provides a secrets module - we should probably
use that, if available, and fall back to SystemRandom/os.urandom and
finally just the random module.

patch as basis for discussion:
https://bitbucket.org/cmeerw/roundup/commits/3df442e3d72bb8c4755eacc2809583d62aa813ce

Date | User | Action | Args
2018-08-02 20:25:14 | cmeerw | set | recipients: + cmeerw
2018-08-02 20:25:14 | cmeerw | set | messageid: <1533241514.61.0.56676864532.issue2550988@psf.upfronthosting.co.za>
2018-08-02 20:25:14 | cmeerw | link | issue2550988 messages
2018-08-02 20:25:13 | cmeerw | create |
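
The import pitfall and the fallback order described in the message above, as an added example that is not part of the original message or of the linked Roundup patch. The names `broken_fallback`, `pick_token_source` and `make_token` are hypothetical, and the `allow_weak` switch is an assumption added here so a caller can refuse the non-cryptographic `random` fallback.

```python
import binascii
import os


def broken_fallback():
    """Reproduce the bug: only the function is imported, not the module."""
    from random import random
    try:
        return random.random()
    except AttributeError as exc:  # a function has no attribute 'random'
        return exc


def pick_token_source():
    """Return (name, func) where func(n) yields n random bytes."""
    try:
        import secrets  # Python 3.6+
        return "secrets", secrets.token_bytes
    except ImportError:
        pass
    try:
        os.urandom(1)  # probe: raises NotImplementedError without an OS source
        return "os.urandom", os.urandom
    except (AttributeError, NotImplementedError):
        pass
    import random as random_module  # import the module, not the function

    def weak_bytes(n):
        # Mersenne Twister output is predictable: not suitable for secrets.
        return bytes(bytearray(random_module.getrandbits(8) for _ in range(n)))
    return "random", weak_bytes


def make_token(nbytes=32, allow_weak=False):
    """Return (source_name, hex_token); refuse the weak source by default."""
    name, gen = pick_token_source()
    if name == "random" and not allow_weak:
        raise RuntimeError("no cryptographic random source available")
    return name, binascii.hexlify(gen(nbytes)).decode("ascii")


if __name__ == "__main__":
    print(repr(broken_fallback()))
    print(make_token(16))
```

Returning the source name alongside the token lets the caller log which generator was used for session keys or password salts.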