laforge submitted this change.
param_source: use random.SystemRandom as random nr source
Python's random module uses a PRNG (Mersenne Twister) which is
utterly insecure for key generation - it was so far only used for
testing. Replace it with random.SystemRandom(), which draws from
/dev/urandom and is suitable for generating cryptographic key material.
Change-Id: I6de38c14ac6dd55bc84d53974192509c18d02bfa
Jenkins: skip-card-test
---
M pySim/esim/saip/param_source.py
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pySim/esim/saip/param_source.py b/pySim/esim/saip/param_source.py
index 04a44fed..d3c98a6 100644
--- a/pySim/esim/saip/param_source.py
+++ b/pySim/esim/saip/param_source.py
@@ -124,7 +124,7 @@
return "%0*d" % (self.num_digits, val) # pylint: disable=consider-using-f-string
class RandomSourceMixin:
- random_impl = random # TODO secure random source?
+ random_impl = random.SystemRandom()
class RandomDigitSource(DecimalRangeSource, RandomSourceMixin):
"""return a different sequence of random decimal digits each"""
To view, visit change 40829. To unsubscribe, or for help writing mail filters, visit settings.