Improper use of random module
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Zope 2 | Fix Released | Undecided | Unassigned | |
Bug Description
Christian Heimes made the following report to the Plone security team:
---
Hello,
yesterday a security researcher claimed on the Python bug tracker that
he had found a security issue in Python's random module which affects
several Python web frameworks [1]. He stated that the deterministic
results of the random module can lead to a breach in security. The
ticket was closed by me after we explained that the random module is
deliberately designed to create deterministic and thus predictable
random values. Its Mersenne-Twister creates statistically well
distributed numbers and not cryptographically strong random data.
In other words the random module is not a CPRNG [2] and must not be
used for any crypto and security related usage. random.SystemRandom is
the only exception to the rule as it uses os.urandom() as PRNG source.
os.urandom() is suitable for most cryptographic purposes except for
long-lived data like SSL certs.
Plone, Zope, Paste and possibly other 3rd party components are using
the random module where a CPRNG is required. I suggest that you modify
your code and replace the random module with either an instance of
random.SystemRandom or os.urandom(). Improper uses of the random
module are for example:
password creation
salt
session keys
digest auth
non-
os.urandom() may not be available on some systems and raise
NotImplementedE
examples how to deal with it.
Regards
Christian
---
In Zope2, at least AccessControl.
Changed in zope2:
milestone: none → 2.13.19
status: New → Fix Released
information type: Private Security → Public Security
The attached patch is for Zope 2.12 for the browser id manager and auth encoding usage of random. For good measure I also put in a constant time comparison function. The code is basically a copy of django.utils.crypto.
Locally I've already prepared the code for all the other branches and the standalone AccessControl library. Unless someone wants me to hold back those fixes, I'll release them tomorrow on Tuesday Oct 30 in new releases of all the projects.
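
Added example (not the Zope patch and not code from this report): the weak pattern the report describes beside its random.SystemRandom / os.urandom() replacement, plus a constant-time comparison. The function names, the token alphabet and the fail-closed handling of NotImplementedError are assumptions of this example, and hmac.compare_digest stands in for the comparison helper the patch copied from Django.

```python
import hmac
import os
import random
import string

ALPHABET = string.ascii_letters + string.digits  # assumed token alphabet
SYSRAND = random.SystemRandom()  # backed by os.urandom(); seed() is a no-op


def weak_token(rng, length=32):
    """'Before' pattern: token drawn from a Mersenne Twister generator."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def replayed_weak_tokens(seed, count=3):
    """Same generator state in, same 'secret' tokens out."""
    rng = random.Random(seed)
    return [weak_token(rng) for _ in range(count)]


def strong_token(length=32):
    """Replacement: identical API, but every draw comes from the OS."""
    return "".join(SYSRAND.choice(ALPHABET) for _ in range(length))


def reseeded_strong_tokens(seed):
    """Reseeding SystemRandom changes nothing, so the two tokens differ."""
    tokens = []
    for _ in range(2):
        SYSRAND.seed(seed)
        tokens.append(strong_token())
    return tokens


def strong_salt(nbytes=16):
    """Raw bytes for salts and keys; fail closed if the OS has no source."""
    try:
        return os.urandom(nbytes)
    except NotImplementedError as exc:
        # Assumed policy: never fall back to the random module.
        raise RuntimeError("no OS randomness source available") from exc


def tokens_equal(expected, supplied):
    """Compare without an early exit on the first differing byte."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    print(replayed_weak_tokens(1234) == replayed_weak_tokens(1234))
    print(reseeded_strong_tokens(1234), strong_salt().hex())
```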