[Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data

Nathaniel McCallum npmccallum at redhat.com
Fri Jun 20 15:56:42 UTC 2014


On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
> On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> > This also fixes an error where the default value was not respecting
> > the KEY_LENGTH variable.
> > 
> > (NOTE: the os.urandom() change should not change the security properties
> > of the existing code. However, the failure of the previous code to
> > respect KEY_LENGTH causes us to violate the RFC.)
> 
> LGTM!
> I do prefer using os.urandom() directly, as random.SystemRandom uses it
> under the hood anyway.

Is that an ACK? Because we need to merge a fix of some kind soon.

Nathaniel



