From ebbc83c1ca52620179d94dc1d92c44883273e4ef Mon Sep 17 00:00:00 2001 From: jmaloy Date: Thu, 28 May 2020 08:44:02 +0200 Subject: [PATCH 2/4] utils: use SystemRandom when generating random password. (#204) RH-Author: jmaloy Message-id: <20200313184329.16696-2-jmaloy@redhat.com> Patchwork-id: 94294 O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] utils: use SystemRandom when generating random password. (#204) Bugzilla: 1812174 RH-Acked-by: Eduardo Otubo RH-Acked-by: Vitaly Kuznetsov RH-Acked-by: Mohammed Gamal From: Dimitri John Ledkov As noticed by Seth Arnold, non-deterministic SystemRandom should be used when creating security sensitive random strings. (cherry picked from commit 3e2f7356effc9e9cccc5ae945846279804eedc46) Signed-off-by: Jon Maloy Signed-off-by: Miroslav Rezanina --- cloudinit/util.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cloudinit/util.py b/cloudinit/util.py index 9d9d5c7..5d51ba8 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -401,9 +401,10 @@ def translate_bool(val, addons=None): def rand_str(strlen=32, select_from=None): + r = random.SystemRandom() if not select_from: select_from = string.ascii_letters + string.digits - return "".join([random.choice(select_from) for _x in range(0, strlen)]) + return "".join([r.choice(select_from) for _x in range(0, strlen)]) def rand_dict_key(dictionary, postfix=None): -- 1.8.3.1