classification
Title: crypt.mksalt() result has unnecessarily low entropy
Type: security Stage: patch review
Components: Library (Lib) Versions: Python 3.4, Python 3.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, gregory.p.smith, haypo, python-dev
Priority: critical Keywords: patch

Created on 2013-07-08 17:57 by christian.heimes, last changed 2013-08-13 23:45 by haypo. This issue is now closed.

Files
File name Uploaded Description Edit
crypt_salt_choice.patch haypo, 2013-07-22 19:11 review
Messages (4)
msg192683 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-08 17:57
crypt.mksalt() creates a salt with a lower entropy than possible. It uses random.SystemRandom().sample() to generate a salt string from the set of 64 chars (string.ascii_letters + string.digits + './'). SystemRandom() uses a CPRNG (good) but sample() returns n UNIQUE members of the set (very bad). sample() reduces the set possible chars by one for each salt char.

Suggested fix:

salt = base64.b64encode(os.urandom(salt_chars * 3 // 4), b"./").decode("ascii")
msg193561 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2013-07-22 19:11
I prefer to avoid conversion to/from base64, and use random.choice() instead: see attached patch.
msg195105 - (view) Author: Roundup Robot (python-dev) Date: 2013-08-13 23:40
New changeset e8a314fe248b by Victor Stinner in branch '3.3':
Issue #18405: Improve the entropy of crypt.mksalt().
http://hg.python.org/cpython/rev/e8a314fe248b

New changeset 122e074c56f7 by Victor Stinner in branch 'default':
(Merge 3.3) Issue #18405: Improve the entropy of crypt.mksalt().
http://hg.python.org/cpython/rev/122e074c56f7
msg195106 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2013-08-13 23:45
With my change, any character can appear more than once. Example:

>>> crypt.mksalt()
'$6$idm7/asaywTgRf9V'
>>> sorted(_[3:])
['/', '7', '9', 'R', 'T', 'V', 'a', 'a', 'd', 'f', 'g', 'i', 'm', 's', 'w', 'y']

In this case, the 'a' letter occurs twice.
History
Date User Action Args
2013-08-13 23:45:11hayposetmessages: + msg195106
2013-08-13 23:41:10hayposetstatus: open -> closed
resolution: fixed
versions: - Python 2.7, Python 3.2
2013-08-13 23:40:57python-devsetnosy: + python-dev
messages: + msg195105
2013-07-22 19:11:43hayposetfiles: + crypt_salt_choice.patch

nosy: + haypo
messages: + msg193561

keywords: + patch
2013-07-08 17:57:20christian.heimescreate