Roundup Tracker - Issues

Message6158

Author cmeerw
Recipients cmeerw
Date 2018-08-02.20:25:13
Message-id <1533241514.61.0.56676864532.issue2550988@psf.upfronthosting.co.za>
In-reply-to
When SystemRandom is not available, we try to

  from random import random

and then use "random.random()" - but this fails as we have only 
imported the random function, not the module.

In password.py we use os.urandom (for SSHA) without checking if it is 
available.

The places where we reseed the random number generator seem to be a 
bit, well, random. We should probably only reseed after forking, i.e. 
in ForkingServer (roundup_server.py).

And finally, Python 3.6 provides a secrets module - we should probably 
use that, if available, and fall back to SystemRandom/os.urandom and 
finally just the random module.

patch as basis for discussion:

https://bitbucket.org/cmeerw/roundup/commits/3df442e3d72bb8c4755eacc280
9583d62aa813ce
History
Date User Action Args
2018-08-02 20:25:14cmeerwsetrecipients: + cmeerw
2018-08-02 20:25:14cmeerwsetmessageid: <1533241514.61.0.56676864532.issue2550988@psf.upfronthosting.co.za>
2018-08-02 20:25:14cmeerwlinkissue2550988 messages
2018-08-02 20:25:13cmeerwcreate