diff options
author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-12-01 13:28:22 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-12-01 13:28:22 +0100 |
commit | 1296968f85a67519c4916c56000332832a2526e1 (patch) | |
tree | 22375e18d2b11687a9db09f8e80860b3a11de463 | |
parent | Further translations. (diff) | |
download | mu4web-1296968f85a67519c4916c56000332832a2526e1.tar.gz mu4web-1296968f85a67519c4916c56000332832a2526e1.tar.xz |
Resolve TODO about source of randomness.
-rwxr-xr-x | mu4web/password.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/mu4web/password.py b/mu4web/password.py index 2b4aaa0..af33cb6 100755 --- a/mu4web/password.py +++ b/mu4web/password.py @@ -9,15 +9,14 @@ Also contains an entry point for managing the store. import hashlib import json import os -import random from typing import ( TypedDict, ) def gen_salt(length: int = 10) -> str: - # TODO is this a sufficient source of randomness - return bytearray(random.randint(0, 256) for _ in range(length)).hex() + # urandom is stated to be suitable for cryptographic use. + return bytearray(os.urandom(length)).hex() # Manual list of entries, to stop someone from executing arbitrary |