From cdb5f116c3a43ff2a5943cdadd0562ec03054a5b Mon Sep 17 00:00:00 2001

From: jmaloy <jmaloy@redhat.com>

Date: Fri, 13 Mar 2020 18:55:18 +0100

Subject: [PATCH 4/5] utils: use SystemRandom when generating random password.

 (#204)

Message-id: <20200313185518.18544-2-jmaloy@redhat.com>

Patchwork-id: 94296

O-Subject: [RHEL-7.9 cloud-init PATCH 1/1] utils: use SystemRandom when generating random password. (#204)

Bugzilla: 1812173

RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>

RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

RH-Acked-by: Eduardo Otubo <eterrell@redhat.com>

From: Dimitri John Ledkov <xnox@ubuntu.com>

As noticed by Seth Arnold, non-deterministic SystemRandom should be

used when creating security sensitive random strings.

(cherry picked from commit 3e2f7356effc9e9cccc5ae945846279804eedc46)

Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 cloudinit/util.py | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cloudinit/util.py b/cloudinit/util.py

index 9d9d5c7..5d51ba8 100644

--- a/cloudinit/util.py

+++ b/cloudinit/util.py

@@ -401,9 +401,10 @@ def translate_bool(val, addons=None):

 def rand_str(strlen=32, select_from=None):

+    r = random.SystemRandom()

     if not select_from:

         select_from = string.ascii_letters + string.digits

-    return "".join([random.choice(select_from) for _x in range(0, strlen)])

+    return "".join([r.choice(select_from) for _x in range(0, strlen)])

 def rand_dict_key(dictionary, postfix=None):

-- 

1.8.3.1