author | Florian Apolloner <florian@apolloner.eu> | 2021-01-13 20:40:40 +0100 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-01-13 20:40:40 +0100 |
commit | 64cc9dcdad0b60003f54b68e8cb8db715dbdc5ad (patch) | |
tree | 4f469b5d58a8c1936455bf4b0f8a867d47a85b40 | |
parent | 920448539631b52dcee53bd32a880abbc9de18bd (diff) | |
download | django-64cc9dcdad0b60003f54b68e8cb8db715dbdc5ad.tar.gz |
Refs #31358 -- Added constant for get_random_string()'s default alphabet.
-rw-r--r-- | django/contrib/auth/hashers.py | 6 | ||||
-rw-r--r-- | django/utils/crypto.py | 8 |
2 files changed, 6 insertions, 8 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 0e44614fcb..7a751a694e 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -10,7 +10,7 @@ from django.core.exceptions import ImproperlyConfigured
 from django.core.signals import setting_changed
 from django.dispatch import receiver
 from django.utils.crypto import (
- constant_time_compare, get_random_string, pbkdf2,
+ RANDOM_STRING_CHARS, constant_time_compare, get_random_string, pbkdf2,
 )
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext_noop as _
@@ -190,8 +190,8 @@ class BasePasswordHasher:
 def salt(self):
 """Generate a cryptographically secure nonce salt in ASCII."""
- # 12 returns a 71-bit value, log_2((26+26+10)^12) =~ 71 bits
- return get_random_string(12)
+ # 12 returns a 71-bit value, log_2(len(RANDOM_STRING_CHARS)^12) =~ 71 bits
+ return get_random_string(12, RANDOM_STRING_CHARS)
 def verify(self, password, encoded):
 """Check if the given password is correct."""
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 3837e64e05..4fb3a9da9d 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -47,14 +47,12 @@ def salted_hmac(key_salt, value, secret=None, *, algorithm='sha1'):
 NOT_PROVIDED = object() # RemovedInDjango40Warning.
+RANDOM_STRING_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
 # RemovedInDjango40Warning: when the deprecation ends, replace with:
-# def get_random_string(length, allowed_chars='...'):
-def get_random_string(length=NOT_PROVIDED, allowed_chars=(
- 'abcdefghijklmnopqrstuvwxyz'
- 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
-)):
+# def get_random_string(length, allowed_chars=RANDOM_STRING_CHARS):
+def get_random_string(length=NOT_PROVIDED, allowed_chars=RANDOM_STRING_CHARS):
 """
 Return a securely generated random string. |
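Review bot: The salt length in `salt()` is still the literal 12, so the salt stays at roughly 71 bits, below the 128 bits that NIST SP 800-132 recommends for password-hashing salts. The "71 bits" figure in the new comment will also go stale without notice if `RANDOM_STRING_CHARS` ever changes length. Now that the alphabet is a named constant, the length could be derived from a target entropy, e.g. `char_count = math.ceil(128 / math.log2(len(RANDOM_STRING_CHARS)))` followed by `return get_random_string(char_count, allowed_chars=RANDOM_STRING_CHARS)`; this needs `math` in scope in hashers.py, which the hunk does not show. The comment writes the power as `^`, which is XOR in Python, so `**` would be less ambiguous. `BasePasswordHasher` starts before this hunk and `verify()` continues past it.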
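Review bot: `RANDOM_STRING_CHARS` is added without a comment directly under the `NOT_PROVIDED = object()` line that is tagged `RemovedInDjango40Warning`, so it reads as part of the deprecation shim and could be deleted with it, although hashers.py now imports it. A line above the constant such as `# Default alphabet for get_random_string(): 62 characters, about 5.95 bits each; salt sizing in contrib.auth depends on its length.` would record that editing it changes the entropy of every caller relying on the default. The body of `get_random_string()` continues outside the hunk.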