[Freeipa-devel] [freeipa PR#317][comment] Unify password generation across FreeIPA
tiran
freeipa-github-notification at redhat.com
Thu Dec 8 14:59:06 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/317
Title: #317: Unify password generation across FreeIPA
tiran commented:
"""
Please don't use a hack like sha1() to turn a random byte sequence into a hex value. At best sha1 keeps the entropy of the input. I also don't like the fact that the function only cares about the length of the output. The actual length is irrelevant. We care about the entropy of the output.
Let's drop pwd_len and apply proper math instead:
```
import math
import random
import string

alnum = string.ascii_letters + string.digits
sysrandom = random.SystemRandom()  # uses os.urandom() as RNG


def mkpasswd(entropy_bits=128, symbols=alnum):
    # Each symbol contributes log2(len(symbols)) bits; round the length up.
    length = int(math.ceil(entropy_bits / math.log(len(symbols), 2)))
    return ''.join(sysrandom.choice(symbols) for _ in range(length))
```
"""
See the full comment at https://github.com/freeipa/freeipa/pull/317#issuecomment-265760379
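The entropy argument in the comment above, worked through as an added example that is not part of the original comment or the FreeIPA code base. `sha1_hex_password`, its 16-byte seed default and the other helper names are assumptions made for illustration, standing in for a length-driven hash-and-truncate generator; the example also generalizes the per-symbol calculation to alphabets with duplicate characters.

```python
import hashlib
import math
import os
import string
from collections import Counter

ALNUM = string.ascii_letters + string.digits  # same alphabet as the comment
HEX = "0123456789abcdef"                      # alphabet of a hexdigest
SHA1_HEX_LEN = 40                             # 160-bit digest = 40 hex chars


def bits_per_symbol(symbols):
    """Min-entropy of one uniform choice() from symbols, duplicates included."""
    most_common = Counter(symbols).most_common(1)[0][1]
    return math.log2(len(symbols) / most_common)


def length_for(entropy_bits, symbols):
    """Characters needed to reach entropy_bits (the mkpasswd length formula)."""
    return math.ceil(entropy_bits / bits_per_symbol(symbols))


def sha1_hex_password(pwd_len, seed_bytes=16):
    """Hypothetical length-driven generator: hash random bytes, then truncate."""
    return hashlib.sha1(os.urandom(seed_bytes)).hexdigest()[:pwd_len]


def sha1_hex_entropy_bound(pwd_len, seed_bytes=16):
    """Upper bound in bits: capped by the seed and by 4 bits per hex char."""
    out_len = min(pwd_len, SHA1_HEX_LEN)  # slicing never yields more than 40
    return min(8 * seed_bytes, 4 * out_len)


if __name__ == "__main__":
    print("alnum chars for 128 bits:", length_for(128, ALNUM))
    print("hex chars for 128 bits:  ", length_for(128, HEX))
    for pwd_len in (12, 22, 32, 64):
        got = len(sha1_hex_password(pwd_len))
        print("pwd_len=%2d got=%2d chars, sha1-hex <= %3d bits, "
              "alnum of same length = %5.1f bits" % (
                  pwd_len, got, sha1_hex_entropy_bound(pwd_len),
                  pwd_len * bits_per_symbol(ALNUM)))
```

Asking the hash-based generator for more than 40 characters silently returns 40, and no requested length raises its entropy above the seed's.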