Firepup650/bitbot-3.11-fork
2
0
Fork 0
Code Issues Pull requests Activity Actions

uuid.uuid4() is not random enough for a nonce (sasl.scram)

Browse source
This commit is contained in:
jesopo 2019-02-06 21:49:24 +00:00
parent 67252833c4
commit bffd43648d
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/sasl/scram.py
View file

@ -1,7 +1,7 @@
import base64, enum, hashlib, hmac, typing, uuid
import base64, enum, hashlib, hmac, os, typing
def _scram_nonce() -> bytes:
return uuid.uuid4().hex.encode("utf8")
return base64.b64encode(os.urandom(32))
def _scram_escape(s: bytes) -> bytes:
return s.replace(b"=", b"=3D").replace(b",", b"=2C")
def _scram_unescape(s: bytes) -> bytes: