mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #27635 -- Used secrets module in django.utils.crypto.

Browse Source
This commit is contained in:
Nick Pope
2019-05-15 22:45:17 +01:00
committed by Mariusz Felisiak
parent 068005a349
commit 1d0bab0bfd
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
django/utils/crypto.py
View File

@@ -3,7 +3,7 @@ Django's standard crypto functions and utilities.
"""
import hashlib
import hmac
import random
import secrets
from django.conf import settings
from django.utils.encoding import force_bytes
@@ -43,12 +43,12 @@ def get_random_string(length=12,
The default length of 12 with the a-z, A-Z, 0-9 character set returns
a 71-bit value. log_2((26+26+10)^12) =~ 71 bits
"""
return ''.join(random.choice(allowed_chars) for i in range(length))
return ''.join(secrets.choice(allowed_chars) for i in range(length))
def constant_time_compare(val1, val2):
"""Return True if the two strings are equal, False otherwise."""
return hmac.compare_digest(force_bytes(val1), force_bytes(val2))
return secrets.compare_digest(force_bytes(val1), force_bytes(val2))
def pbkdf2(password, salt, iterations, dklen=0, digest=None):