Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data
On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
> On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> > This also fixes an error where the default value was not respecting the KEY_LENGTH variable.
> >
> > (NOTE: the os.urandom() change should not change the security properties of the existing code. However, the failure of the previous code to respect KEY_LENGTH causes us to violate the RFC.)
>
> LGTM!
> I do prefer using os.urandom() directly, as random.SystemRandom uses it under the hood anyway.

Is that an ACK? Because we need to merge a fix of some kind soon.

Nathaniel

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data
On Fri, 2014-06-20 at 11:56 -0400, Nathaniel McCallum wrote:
> On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
> > On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> > > This also fixes an error where the default value was not respecting the KEY_LENGTH variable.
> > >
> > > (NOTE: the os.urandom() change should not change the security properties of the existing code. However, the failure of the previous code to respect KEY_LENGTH causes us to violate the RFC.)
> >
> > LGTM!
> > I do prefer using os.urandom() directly, as random.SystemRandom uses it under the hood anyway.
>
> Is that an ACK? Because we need to merge a fix of some kind soon.

If someone can actually test it I would prefer, as I did not, and I am not sure I will find the time today, that's why I did not give a full ACK.

Simo.
Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data
On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> This also fixes an error where the default value was not respecting the KEY_LENGTH variable.
>
> (NOTE: the os.urandom() change should not change the security properties of the existing code. However, the failure of the previous code to respect KEY_LENGTH causes us to violate the RFC.)

LGTM!
I do prefer using os.urandom() directly, as random.SystemRandom uses it under the hood anyway.

Simo.
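
The two points raised in the thread, as an added example that is not the code from the patch or from FreeIPA: a token secret drawn directly from os.urandom() with a default that always follows KEY_LENGTH, and a check that flags a secret whose length does not. Assumptions: KEY_LENGTH is 20 bytes, "the RFC" is RFC 4226 (HOTP, minimum 128-bit secret, 160 bits recommended), and all function names are hypothetical.

```python
import base64
import os
import random

KEY_LENGTH = 20       # assumption: 160 bits, the length RFC 4226 recommends
RFC_MIN_LENGTH = 16   # RFC 4226 (R6): shared secret MUST be at least 128 bits


def generate_key(length=None):
    """Return a new token secret read straight from the kernel CSPRNG."""
    if length is None:
        # Resolve the default at call time so it always follows KEY_LENGTH.
        length = KEY_LENGTH
    if length < RFC_MIN_LENGTH:
        raise ValueError("key of %d bytes is below the RFC 4226 minimum" % length)
    return os.urandom(length)


def generate_key_systemrandom(length):
    """Same entropy source, reached through random.SystemRandom."""
    rng = random.SystemRandom()  # its getrandbits() reads os.urandom()
    return bytes(rng.getrandbits(8) for _ in range(length))


def key_problems(key):
    """List the ways a stored secret deviates from the configured policy."""
    problems = []
    if len(key) < RFC_MIN_LENGTH:
        problems.append("shorter than %d bytes" % RFC_MIN_LENGTH)
    if len(key) != KEY_LENGTH:
        problems.append("length %d != KEY_LENGTH %d" % (len(key), KEY_LENGTH))
    return problems


def provisioning_secret(key):
    """Base32 form used when the secret is handed to an authenticator app."""
    return base64.b32encode(key).decode("ascii")


if __name__ == "__main__":
    good = generate_key()
    short_default = os.urandom(10)  # constructed: a default that ignores KEY_LENGTH
    print(provisioning_secret(good), key_problems(good))
    print(provisioning_secret(short_default), key_problems(short_default))
```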