[PATCH] Use secrets and fall back to random.SystemRandom for keys
jcline at redhat.com
Thu Oct 10 10:08:13 AEDT 2019
On Thu, Oct 10, 2019 at 09:30:50AM +1100, Daniel Axtens wrote:
> Hi Jeremy,
> > The random module uses the Mersenne Twister pseudorandom number
> > generator and is not a cryptographically secure random number
> > generator. The secrets module is intended for generating
> > cryptographically strong random numbers, so recommend using that to
> > generate the secret key. It's new in Python 3, so if it's unavailable
> > fall back to using the ``os.urandom()`` backed implementation of random.
> >  https://docs.python.org/3/library/random.html
> >  https://docs.python.org/3/library/secrets.html
> Thanks for your patch.
> I agree that correctly generated randomness is the right way to go.
> Do you think we need to advise existing implementations to roll their
> secret? My feeling is that given the way the twister has been seeded
> since Python 2.4 (os.urandom if available), existing installations are
> probably OK, but I'd be interested in your take.
If I were running the service I would, but I do agree that given it's
likely it was seeded with os.urandom existing installations are probably
> > Signed-off-by: Jeremy Cline <jcline at redhat.com>
> > ---
> > docs/deployment/installation.rst | 10 ++++++++--
> > patchwork/settings/production.example.py | 12 +++++++++---
> > ...andom.SystemRandom-for-keys-9ceb496919a1bb6f.yaml | 5 +++++
> > 3 files changed, 22 insertions(+), 5 deletions(-)
> > create mode 100644 releasenotes/notes/use-secrets-and-fall-back-to-random.SystemRandom-for-keys-9ceb496919a1bb6f.yaml
> > diff --git a/docs/deployment/installation.rst b/docs/deployment/installation.rst
> > index d422573..f477a11 100644
> > --- a/docs/deployment/installation.rst
> > +++ b/docs/deployment/installation.rst
> > @@ -254,9 +254,15 @@ This should be a random value and kept secret. You can generate and a value for
> > .. code-block:: python
> > - import string, random
> > + import string
> > + try:
> > + import secrets
> > + except ImportError: # Python < 3.6
> > + import random
> > + secrets = random.SystemRandom()
> We're dropping Python 2 soon, not in the next version coming out Real
> Soon Now, but in the version after that. Would it be worth holding this
> patch until then so as we can avoid this messy try:import? I have a
> topic branch for this and I'd be happy to include this patch in it.
An alternate approach here would be to just not use the secrets API.
CPython is just proxying the calls to secrets.choice to
random.SystemRandom().choice() so it comes to the same thing. I just
prefer the secrets API since its promise is to be fit for cryptographic
purposes and if they find a bug they'll fix it.
In my own projects I prefer to use the newer APIs when possible and fall
back as I don't find the clean-up to be terribly difficult (I just grep
for ImportErrors), but I do get that it's ugly. I don't have a strong
opinion about doing just random.SystemRandom().choice(), just
secrets.choice() in a deferred branch, or this, so I'll leave it up to
More information about the Patchwork