author | Jeremy Cline <jcline@redhat.com> | 2019-10-09 15:03:45 -0400 |
---|---|---|
committer | Stephen Finucane <stephen@that.guru> | 2019-10-17 14:07:55 +0100 |
commit | bb7626b2f257852f426723de551418753e3dd692 (patch) | |
tree | 82fec46366fdaeec96b72c15ddf6ea636f918e55 /releasenotes/notes | |
parent | b4f4c8554c1168ffe177dc11ddf9ff1535c1ff31 (diff) | |
Use secrets and fall back to random.SystemRandom for keys

The random module uses the Mersenne Twister pseudorandom number
generator and is not a cryptographically secure random number
generator[0]. The secrets[1] module is intended for generating
cryptographically strong random numbers, so recommend using that to
generate the secret key. It's new in Python 3, so if it's unavailable
fall back to using the ``os.urandom()`` backed implementation of random.

NOTE(stephenfin): Modified to include change to 'config.yaml'. Also
renamed reno to just stick with hyphens for filenames.

[0] https://docs.python.org/3/library/random.html
[1] https://docs.python.org/3/library/secrets.html

Signed-off-by: Jeremy Cline <jcline@redhat.com>
Signed-off-by: Stephen Finucane <stephen@that.guru>

Diffstat (limited to 'releasenotes/notes')
-rw-r--r-- | releasenotes/notes/use-secrets-and-fall-back-to-random-SystemRandom-for-keys-9ceb496919a1bb6f.yaml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/releasenotes/notes/use-secrets-and-fall-back-to-random-SystemRandom-for-keys-9ceb496919a1bb6f.yaml b/releasenotes/notes/use-secrets-and-fall-back-to-random-SystemRandom-for-keys-9ceb496919a1bb6f.yaml new file mode 100644 index 0000000..7b101cb --- /dev/null +++ b/releasenotes/notes/use-secrets-and-fall-back-to-random-SystemRandom-for-keys-9ceb496919a1bb6f.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + Change the recommended method for generating the Django secret key to use a + cryptographically secure random number generator. |
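
Review bot: the `security:` entry in the new release note says the recommended method for generating the Django secret key has changed, but it gives no guidance for deployments whose key was generated with the earlier recommendation. Consider adding a sentence stating whether such keys should be regenerated. It would also help to name the generators the commit message mentions (secrets, falling back to random.SystemRandom), so that someone reading only the release notes knows what the new recommendation is. This view is limited to 'releasenotes/notes', so the 'config.yaml' change mentioned in the commit message cannot be checked against the note from these lines.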