Use random.SystemRandom() for cryptographically secure RNG (#24)
parent
b1329773de
commit
3e5c6f023e
3
ctftool
3
ctftool
|
@ -57,7 +57,8 @@ elif operation == "add-admin":
|
|||
username = input("Username: ")
|
||||
password = getpass.getpass().encode()
|
||||
pwhash = utils.admin.create_password(password)
|
||||
secret = "".join([random.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567") for i in range(16)])
|
||||
r = random.SystemRandom()
|
||||
secret = "".join([r.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567") for i in range(16)])
|
||||
AdminUser.create(username=username, password=pwhash, secret=secret)
|
||||
print("AdminUser created; Enter the following key into your favorite TOTP application (Google Authenticator Recommended): {}".format(secret))
|
||||
|
||||
|
|
|
@ -10,7 +10,8 @@ from database import Team, Challenge, ChallengeSolve, ScoreAdjustment
|
|||
allowed_chars = "abcdefghijklmnopqrstuvwxyz0123456789"
|
||||
|
||||
def generate_random_string(length=32, chars=allowed_chars):
|
||||
return "".join([random.choice(chars) for i in range(length)])
|
||||
r = random.SystemRandom()
|
||||
return "".join([r.choice(chars) for i in range(length)])
|
||||
|
||||
def generate_team_key():
|
||||
return config.ctf_name.lower() + "_" + generate_random_string(32, allowed_chars)
|
||||
|
|
Loading…
Reference in New Issue