[fix] use real random for hash selection

2024-09-03 20:06:10 +02:00 · 2017-08-14 15:23:51 +02:00 · 2017-08-14 15:23:51 +02:00 · 8c6db3845d
commit 8c6db3845d
parent c14acc0fae
1 changed files with 1 additions and 1 deletions
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@ -137,7 +137,7 @@ def user_create(auth, username, firstname, lastname, mail, password,
    # Adapt values for LDAP
    fullname = '%s %s' % (firstname, lastname)
    char_set = string.ascii_uppercase + string.digits
-    salt = ''.join(random.sample(char_set, 8))
+    salt = ''.join([random.SystemRandom().choice(char_set) for x in range(8)])
    salt = '$1$' + salt + '$'
    user_pwd = '{CRYPT}' + crypt.crypt(str(password), salt)
    attr_dict = {