7ec9e8
From ebbc83c1ca52620179d94dc1d92c44883273e4ef Mon Sep 17 00:00:00 2001
7ec9e8
From: jmaloy <jmaloy@redhat.com>
7ec9e8
Date: Thu, 28 May 2020 08:44:02 +0200
7ec9e8
Subject: [PATCH 2/4] utils: use SystemRandom when generating random password.
7ec9e8
 (#204)
7ec9e8
7ec9e8
RH-Author: jmaloy <jmaloy@redhat.com>
7ec9e8
Message-id: <20200313184329.16696-2-jmaloy@redhat.com>
7ec9e8
Patchwork-id: 94294
7ec9e8
O-Subject: [RHEL-8.2 cloud-init PATCH 1/1] utils: use SystemRandom when generating random password. (#204)
7ec9e8
Bugzilla: 1812174
7ec9e8
RH-Acked-by: Eduardo Otubo <eterrell@redhat.com>
7ec9e8
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
7ec9e8
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
7ec9e8
7ec9e8
From: Dimitri John Ledkov <xnox@ubuntu.com>
7ec9e8
7ec9e8
As noticed by Seth Arnold, non-deterministic SystemRandom should be
7ec9e8
used when creating security sensitive random strings.
7ec9e8
7ec9e8
(cherry picked from commit 3e2f7356effc9e9cccc5ae945846279804eedc46)
7ec9e8
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
7ec9e8
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
7ec9e8
---
7ec9e8
 cloudinit/util.py | 3 ++-
7ec9e8
 1 file changed, 2 insertions(+), 1 deletion(-)
7ec9e8
7ec9e8
diff --git a/cloudinit/util.py b/cloudinit/util.py
7ec9e8
index 9d9d5c7..5d51ba8 100644
7ec9e8
--- a/cloudinit/util.py
7ec9e8
+++ b/cloudinit/util.py
7ec9e8
@@ -401,9 +401,10 @@ def translate_bool(val, addons=None):
7ec9e8
 
7ec9e8
 
7ec9e8
 def rand_str(strlen=32, select_from=None):
7ec9e8
+    r = random.SystemRandom()
7ec9e8
     if not select_from:
7ec9e8
         select_from = string.ascii_letters + string.digits
7ec9e8
-    return "".join([random.choice(select_from) for _x in range(0, strlen)])
7ec9e8
+    return "".join([r.choice(select_from) for _x in range(0, strlen)])
7ec9e8
 
7ec9e8
 
7ec9e8
 def rand_dict_key(dictionary, postfix=None):
7ec9e8
-- 
7ec9e8
1.8.3.1
7ec9e8