From 1296968f85a67519c4916c56000332832a2526e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Thu, 1 Dec 2022 13:28:22 +0100
Subject: Resolve TODO about source of randomness.

---
 mu4web/password.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/mu4web/password.py b/mu4web/password.py
index 2b4aaa0..af33cb6 100755
--- a/mu4web/password.py
+++ b/mu4web/password.py
@@ -9,15 +9,14 @@ Also contains an entry point for managing the store.
 import hashlib
 import json
 import os
-import random
 from typing import (
     TypedDict,
 )
 
 
 def gen_salt(length: int = 10) -> str:
-    # TODO is this a sufficient source of randomness
-    return bytearray(random.randint(0, 256) for _ in range(length)).hex()
+    # urandom is stated to be suitable for cryptographic use.
+    return bytearray(os.urandom(length)).hex()
 
 
 # Manual list of entries, to stop someone from executing arbitrary
-- 
cgit v1.2.3