Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data

2014-06-20 Thread Nathaniel McCallum
On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
 On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
  This also fixes an error where the default value was not respecting
  the KEY_LENGTH variable.
  
  (NOTE: the os.urandom() change should not change the security properties
  of the existing code. However, the failure of the previous code to
  respect KEY_LENGTH causes us to violate the RFC.)
 
 LGTM!
 I do prefer using os.urandom() directly, as random.SystemRandom uses it
 under the hood anyway.

Is that an ACK? Because we need to merge a fix of some kind soon.

Nathaniel

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data

2014-06-20 Thread Simo Sorce
On Fri, 2014-06-20 at 11:56 -0400, Nathaniel McCallum wrote:
> On Thu, 2014-06-19 at 12:43 -0400, Simo Sorce wrote:
> > On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> > > This also fixes an error where the default value was not respecting
> > > the KEY_LENGTH variable.
> > >
> > > (NOTE: the os.urandom() change should not change the security properties
> > > of the existing code. However, the failure of the previous code to
> > > respect KEY_LENGTH causes us to violate the RFC.)
> >
> > LGTM!
> > I do prefer using os.urandom() directly, as random.SystemRandom uses it
> > under the hood anyway.
>
> Is that an ACK? Because we need to merge a fix of some kind soon.

If someone can actually test it I would prefer, as I did not, and I am
not sure I will find the time today, that's why I did not give a full
ACK.

Simo.




Re: [Freeipa-devel] [PATCH] [IMPORTANT] Make otptoken use os.urandom() for random data

2014-06-19 Thread Simo Sorce
On Thu, 2014-06-19 at 12:36 -0400, Nathaniel McCallum wrote:
> This also fixes an error where the default value was not respecting
> the KEY_LENGTH variable.
>
> (NOTE: the os.urandom() change should not change the security properties
> of the existing code. However, the failure of the previous code to
> respect KEY_LENGTH causes us to violate the RFC.)

LGTM!
I do prefer using os.urandom() directly, as random.SystemRandom uses it
under the hood anyway.

Simo.
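
An added example, not code from the patch or from FreeIPA: a Python 3 sketch of the two points discussed in this thread, a default key length that follows KEY_LENGTH and key material read from os.urandom() (with the random.SystemRandom equivalent beside it). The value of KEY_LENGTH, the choice of RFC 4226 as "the RFC", and all function names are assumptions.

```python
import base64
import os
import random

# Assumed values: the thread names KEY_LENGTH but gives neither its value
# nor the RFC. RFC 4226 (HOTP) is assumed here.
KEY_LENGTH = 20      # bytes: 160 bits, the length RFC 4226 recommends
MIN_KEY_LENGTH = 16  # bytes: 128 bits, the minimum RFC 4226 requires


def _resolve_length(length):
    """Resolve the default at call time so it always follows KEY_LENGTH."""
    if length is None:
        length = KEY_LENGTH
    if length < MIN_KEY_LENGTH:
        raise ValueError("key of %d bytes is below the %d-byte minimum"
                         % (length, MIN_KEY_LENGTH))
    return length


def generate_key(length=None):
    """Token key read directly from the kernel CSPRNG."""
    return os.urandom(_resolve_length(length))


def generate_key_systemrandom(length=None):
    """Same entropy source via random.SystemRandom, which wraps os.urandom()."""
    rng = random.SystemRandom()
    return bytes(rng.getrandbits(8) for _ in range(_resolve_length(length)))


def encode_key(key):
    """Base32 text form commonly used to hand an OTP key to a token app."""
    return base64.b32encode(key).decode("ascii")


def default_follows_key_length(new_length=32):
    """Regression check: change KEY_LENGTH, confirm the default key follows."""
    global KEY_LENGTH
    saved = KEY_LENGTH
    try:
        KEY_LENGTH = new_length
        return len(generate_key()) == new_length
    finally:
        KEY_LENGTH = saved
```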
