Properly generate salt in rpcauth.py, update tests

Previously, when iterating over the bytes of the generated salt to construct
a hex string, only one character would be output when the byte was
less than 0x10. This meant that for a 16-byte salt, the hex string might be
shorter than 32 characters and collisions would occur.
Carl Dong
2018-11-16 23:24:57 -08:00
parent 35739976c1
commit 6be7d14d24
2 changed files with 9 additions and 12 deletions


@ -5,17 +5,13 @@
import sys
import os
from random import SystemRandom
import base64
from binascii import hexlify
import hmac
def generate_salt():
# This uses os.urandom() underneath
cryptogen = SystemRandom()
# Create 16 byte hex salt
salt_sequence = [cryptogen.randrange(256) for _ in range(16)]
return ''.join([format(r, 'x') for r in salt_sequence])
def generate_salt(size):
"""Create size byte hex salt"""
return hexlify(os.urandom(size)).decode()
def generate_password():
"""Create 32 byte b64 password"""
@ -32,7 +28,8 @@ def main():
username = sys.argv[1]
salt = generate_salt()
# Create 16 byte hex salt
salt = generate_salt(16)
if len(sys.argv) > 2:
password = sys.argv[2]
else: