Use random.SystemRandom() for cryptographically secure RNG (#24)

ctftool

@@ -57,7 +57,8 @@ elif operation == "add-admin":
     username = input("Username: ")
     password = getpass.getpass().encode()
     pwhash = utils.admin.create_password(password)
-    secret = "".join([random.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567") for i in range(16)])
+    r = random.SystemRandom()
+    secret = "".join([r.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567") for i in range(16)])
     AdminUser.create(username=username, password=pwhash, secret=secret)
     print("AdminUser created; Enter the following key into your favorite TOTP application (Google Authenticator Recommended): {}".format(secret))
 

utils/misc.py

@@ -10,7 +10,8 @@ from database import Team, Challenge, ChallengeSolve, ScoreAdjustment
 allowed_chars = "abcdefghijklmnopqrstuvwxyz0123456789"
 
 def generate_random_string(length=32, chars=allowed_chars):
-    return "".join([random.choice(chars) for i in range(length)])
+    r = random.SystemRandom()
+    return "".join([r.choice(chars) for i in range(length)])
 
 def generate_team_key():
     return config.ctf_name.lower() + "_" + generate_random_string(32, allowed_chars)