Using random.random() should not be used to generate randomness used for security reasons
Bug #1319643 reported by
Zhang Yun
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Medium
|
Ollie Leahy | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
In cinder code : /cinder/
rndstr = ""
random.
while len(rndstr) < length:
rndstr += hashlib.
return rndstr[0:length]
information type: | Private Security → Public Security |
Changed in ossa: | |
status: | New → Incomplete |
Changed in cinder: | |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | juno-1 → 2014.2 |
To post a comment you must log in.
cinder coresec: could you comment on what that "slightly random" number is actually used for ?