[issue18405] crypt.mksalt() result has unnecessarily low entropy

Changes by STINNER Victor : -- resolution: -> fixed status: open -> closed versions: -Python 2.7, Python 3.2 ___ Python tracker ___

[issue18405] crypt.mksalt() result has unnecessarily low entropy

STINNER Victor added the comment: With my change, any character can appear more than once. Example: >>> crypt.mksalt() '$6$idm7/asaywTgRf9V' >>> sorted(_[3:]) ['/', '7', '9', 'R', 'T', 'V', 'a', 'a', 'd', 'f', 'g', 'i', 'm', 's', 'w', 'y'] In this case, the 'a' letter occurs twice. --

[issue18405] crypt.mksalt() result has unnecessarily low entropy

Roundup Robot added the comment: New changeset e8a314fe248b by Victor Stinner in branch '3.3': Issue #18405: Improve the entropy of crypt.mksalt(). http://hg.python.org/cpython/rev/e8a314fe248b New changeset 122e074c56f7 by Victor Stinner in branch 'default': (Merge 3.3) Issue #18405: Improve th

[issue18405] crypt.mksalt() result has unnecessarily low entropy

STINNER Victor added the comment: I prefer to avoid conversion to/from base64, and use random.choice() instead: see attached patch. -- keywords: +patch nosy: +haypo Added file: http://bugs.python.org/file31018/crypt_salt_choice.patch ___ Python track

[issue18405] crypt.mksalt() result has unnecessarily low entropy

New submission from Christian Heimes: crypt.mksalt() creates a salt with a lower entropy than possible. It uses random.SystemRandom().sample() to generate a salt string from the set of 64 chars (string.ascii_letters + string.digits + './'). SystemRandom() uses a CPRNG (good) but sample() retur