URL: https://github.com/freeipa/freeipa/pull/317
Title: #317: Unify password generation across FreeIPA
tiran commented:
"""
Please don't use a hack like sha1() to turn a random byte sequence into a hex
value. At best sha1 keeps the entropy of the input. I also don't like the fact
that the function only cares about the length of the output. The actual length
is irrelevant. We care about the entropy of the output.
Let's drop pwd_len and apply proper math instead:
```
import math
import random
import string

alnum = string.ascii_letters + string.digits
sysrandom = random.SystemRandom()  # uses os.urandom() as RNG


def mkpasswd(entropy_bits=128, symbols=alnum):
    length = int(math.ceil(entropy_bits / math.log(len(symbols), 2)))
    return ''.join(sysrandom.choice(symbols) for _ in range(length))
```
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/317#issuecomment-265760379
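An added example, not part of the original comment or of FreeIPA's code: it sizes a password from a target entropy as the comment proposes, and contrasts that with a hashed-hex string whose length says nothing about its entropy. The helper names, the use of `secrets` in place of `random.SystemRandom` (both draw from the OS RNG), the rejection of repeated symbols, and the 8-byte input are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
HEX = "0123456789abcdef"                       # 16 symbols


def distinct(symbols):
    """Drop repeated symbols: duplicates bias the draw and lower the entropy."""
    return "".join(dict.fromkeys(symbols))


def length_for_entropy(entropy_bits, symbols):
    """Smallest length whose uniform draws carry at least entropy_bits."""
    n = len(distinct(symbols))
    if n < 2:
        raise ValueError("need at least two distinct symbols")
    return math.ceil(entropy_bits / math.log2(n))


def mkpasswd(entropy_bits=128, symbols=ALNUM):
    alphabet = distinct(symbols)
    length = length_for_entropy(entropy_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def sha1_hex_password(random_bytes):
    """Constructed stand-in for the hashed-hex pattern: hash random bytes, keep the hex digest."""
    return hashlib.sha1(secrets.token_bytes(random_bytes)).hexdigest()


def sha1_hex_entropy_bits(random_bytes):
    """Upper bound: a hash cannot add entropy, and SHA-1 emits 160 bits."""
    return min(8 * random_bytes, 160)


if __name__ == "__main__":
    for name, symbols in (("hex", HEX), ("alnum", ALNUM)):
        print(name, length_for_entropy(128, symbols), "chars for 128 bits")
    pw = sha1_hex_password(8)
    print(len(pw), "hex chars but at most", sha1_hex_entropy_bits(8), "bits")
    print(mkpasswd())
```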