diff options
-rwxr-xr-x | mu4web/password.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/mu4web/password.py b/mu4web/password.py index 2b4aaa0..af33cb6 100755 --- a/mu4web/password.py +++ b/mu4web/password.py @@ -9,15 +9,14 @@ Also contains an entry point for managing the store. import hashlib import json import os -import random from typing import ( TypedDict, ) def gen_salt(length: int = 10) -> str: - # TODO is this a sufficient source of randomness - return bytearray(random.randint(0, 256) for _ in range(length)).hex() + # urandom is stated to be suitable for cryptographic use. + return bytearray(os.urandom(length)).hex() # Manual list of entries, to stop someone from executing arbitrary |