From 8c6db3845dea1675f1d71f919e5c08765a1ef79b Mon Sep 17 00:00:00 2001
From: Laurent Peuch <cortex@worlddomination.be>
Date: Mon, 14 Aug 2017 15:23:51 +0200
Subject: [PATCH] [fix] use real random for hash selection

---
 src/yunohost/user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index deb5de077..a5b659e04 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -137,7 +137,7 @@ def user_create(auth, username, firstname, lastname, mail, password,
     # Adapt values for LDAP
     fullname = '%s %s' % (firstname, lastname)
     char_set = string.ascii_uppercase + string.digits
-    salt = ''.join(random.sample(char_set, 8))
+    salt = ''.join([random.SystemRandom().choice(char_set) for x in range(8)])
     salt = '$1$' + salt + '$'
     user_pwd = '{CRYPT}' + crypt.crypt(str(password), salt)
     attr_dict = {