authorJustin Santa Barbara <justin@fathomdb.com>2011-03-14 20:48:33 -0700
committerJustin Santa Barbara <justin@fathomdb.com>2011-03-14 20:48:33 -0700
commitda605eb84f7d5de741225ff936447db01690a04f (patch)
treee6af0039c6a183fd171ff62b06636fbb9281e105
parent5da32f8b917d461388d0186af52946a3f7d2c665 (diff)
Don't generate insecure passwords where it's easy to use urandom instead
-rw-r--r--nova/console/manager.py2
-rw-r--r--nova/console/xvp.py4
-rw-r--r--nova/utils.py15
3 files changed, 11 insertions, 10 deletions
diff --git a/nova/console/manager.py b/nova/console/manager.py
index 57c75cf4f..bfa571ea9 100644
--- a/nova/console/manager.py
+++ b/nova/console/manager.py
@@ -69,7 +69,7 @@ class ConsoleProxyManager(manager.Manager):
except exception.NotFound:
logging.debug(_("Adding console"))
if not password:
- password = self.driver.generate_password()
+ password = utils.generate_password(8)
if not port:
port = self.driver.get_port(context)
console_data = {'instance_name': name,
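Review bot: The literal `8` in `utils.generate_password(8)` is unexplained, and with the new 32-symbol alphabet it gives about 40 bits of entropy, fewer than the roughly 48 bits the removed xvp generator got from 8 base64 characters. If the length is dictated by a console password limit (the xvp docstring "Trim password to length" hints at one), record that next to the call, e.g. `# console passwords are capped at 8 chars; 32-symbol alphabet => ~40 bits`. The call also no longer goes through `self.driver`, so a driver-specific generator would presumably be bypassed; confirm that is intended. Whether `utils` is imported in this module is not visible here, and the enclosing method starts and ends outside the hunk.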
diff --git a/nova/console/xvp.py b/nova/console/xvp.py
index 68d8c8565..0cedfbb13 100644
--- a/nova/console/xvp.py
+++ b/nova/console/xvp.py
@@ -91,10 +91,6 @@ class XVPConsoleProxy(object):
"""Trim password to length, and encode"""
return self._xvp_encrypt(password)
- def generate_password(self, length=8):
- """Returns random console password"""
- return os.urandom(length * 2).encode('base64')[:length]
-
def _rebuild_xvp_conf(self, context):
logging.debug(_("Rebuilding xvp conf"))
pools = [pool for pool in
diff --git a/nova/utils.py b/nova/utils.py
index 87e726394..9c8b27d56 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -263,12 +263,17 @@ def generate_mac():
def generate_password(length=20):
- """Generate a random sequence of letters and digits
- to be used as a password. Note that this is not intended
- to represent the ultimate in security.
+ """Generate a random alphanumeric password, avoiding 'confusing' O,0,I,1.
+
+ Believed to be reasonably secure (with a reasonable password length!)
"""
- chrs = string.letters + string.digits
- return "".join([random.choice(chrs) for i in xrange(length)])
+ # 26 letters, 10 digits = 36
+ # Remove O, 0, I, 1 => 32 digits
+ # 32 digits means we're just using the low 5 bit of each byte
+ chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
+
+ random_bytes = os.urandom(length)
+ return "".join([chrs[ord(random_bytes[i]) % 32] for i in xrange(length)])
def last_octet(address):
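Review bot: The `% 32` in the return line is unbiased only because 32 divides 256, and it is hard-coded separately from `chrs`, so a later edit to the alphabet would either raise IndexError or skew the distribution without warning. Tie the modulus to the alphabet and state the invariant, e.g. `# len(chrs) must divide 256, otherwise the modulo is biased` followed by `return "".join(chrs[ord(c) % len(chrs)] for c in os.urandom(length))`. The docstring's "reasonably secure" would be more useful as a number: 5 bits per character, so the default length of 20 gives 100 bits and a length of 8 gives only 40. The output is now uppercase letters and digits only, which may matter to any caller that feeds it to a password-complexity policy. The `import os` this relies on is outside the hunk.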