diff options
| author | Justin Santa Barbara <justin@fathomdb.com> | 2011-03-14 20:48:33 -0700 |
|---|---|---|
| committer | Justin Santa Barbara <justin@fathomdb.com> | 2011-03-14 20:48:33 -0700 |
| commit | da605eb84f7d5de741225ff936447db01690a04f (patch) | |
| tree | e6af0039c6a183fd171ff62b06636fbb9281e105 /nova/utils.py | |
| parent | 5da32f8b917d461388d0186af52946a3f7d2c665 (diff) | |
| download | nova-da605eb84f7d5de741225ff936447db01690a04f.tar.gz nova-da605eb84f7d5de741225ff936447db01690a04f.tar.xz nova-da605eb84f7d5de741225ff936447db01690a04f.zip | |
Don't generate insecure passwords where it's easy to use urandom instead
Diffstat (limited to 'nova/utils.py')
| -rw-r--r-- | nova/utils.py | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/nova/utils.py b/nova/utils.py index 87e726394..9c8b27d56 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -263,12 +263,17 @@ def generate_mac(): def generate_password(length=20): - """Generate a random sequence of letters and digits - to be used as a password. Note that this is not intended - to represent the ultimate in security. + """Generate a random alphanumeric password, avoiding 'confusing' O,0,I,1. + + Believed to be reasonably secure (with a reasonable password length!) """ - chrs = string.letters + string.digits - return "".join([random.choice(chrs) for i in xrange(length)]) + # 26 letters, 10 digits = 36 + # Remove O, 0, I, 1 => 32 digits + # 32 digits means we're just using the low 5 bit of each byte + chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" + + random_bytes = os.urandom(length) + return "".join([chrs[ord(random_bytes[i]) % 32] for i in xrange(length)]) def last_octet(address): |