[Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data

Martin Kosek mkosek at redhat.com
Fri Jun 20 19:28:38 UTC 2014


On 06/20/2014 05:59 PM, Simo Sorce wrote:
> On Fri, 2014-06-20 at 11:56 -0400, Nathaniel McCallum wrote:
>> On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
>>> On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
>>>> This also fixes an error where the default value was not respecting
>>>> the KEY_LENGTH variable.
>>>>
>>>> (NOTE: the os.urandom() change should not change the security properties
>>>> of the existing code. However, the failure of the previous code to
>>>> respect KEY_LENGTH causes us to violate the RFC.)
>>>
>>> LGTM!
>>> I do prefer using os.urandom() directly, as random.SystemRandom uses it
>>> under the hood anyway.
>>
>> Is that an ACK? Because we need to merge a fix of some kind soon.
>
> If someone can actually test it I would prefer, as I did not, and I am
> not sure I will find the time today, that's why I did not give a full
> ACK.
>
> Simo.
>
>

I tested at least the lambda and it worked as expected.

Pushed to master: cf8f143e9823c06ed069c6a031c0c4aa80288840

Martin
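
An added example, not part of the thread and not FreeIPA's code: a key default supplied as a lambda that sizes `os.urandom()` by `KEY_LENGTH`, with a length check against the RFC 4226 minimum. The `Param` class, `validate_key`, the `KEY_LENGTH` value of 20 and the short counter-example are assumptions made for illustration.

```python
import base64
import os

# Assumed for illustration: the thread does not give FreeIPA's KEY_LENGTH value.
KEY_LENGTH = 20         # bytes (160 bits, the length RFC 4226 recommends)
RFC4226_MIN_BYTES = 16  # RFC 4226 requires a shared secret of at least 128 bits


class Param:
    """Hypothetical stand-in for a framework parameter with a default."""

    def __init__(self, name, default):
        self.name = name
        self._default = default

    def get_default(self):
        # A callable default is evaluated per call, so every token gets a
        # fresh secret; a plain value would be shared by every token.
        return self._default() if callable(self._default) else self._default


def validate_key(key):
    """Reject secrets that are too short or not of the configured length."""
    if len(key) < RFC4226_MIN_BYTES:
        raise ValueError("secret shorter than the RFC 4226 minimum")
    if len(key) != KEY_LENGTH:
        raise ValueError("secret does not respect KEY_LENGTH")
    # Base32 is the usual encoding for handing an OTP secret to a client.
    return base64.b32encode(key).decode("ascii")


# Default draws from the kernel CSPRNG and is sized by KEY_LENGTH.
good = Param("key", default=lambda: os.urandom(KEY_LENGTH))
# Constructed counter-example: a literal length that ignores KEY_LENGTH.
short = Param("key", default=lambda: os.urandom(10))

if __name__ == "__main__":
    print(validate_key(good.get_default()))
    try:
        validate_key(short.get_default())
    except ValueError as exc:
        print("rejected:", exc)
```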



