Switch from using PyCrypto's Random to using os.urandom.

There's several reasons for this change:

1) It's faster for reads up to 1024 bytes (nearly 10x faster for 16 byte reads)
2) It receives considerably more security review since it's in the kernel.
3) It's yet another step towards running on PyPy.
4) Using userspace CSPRNGs is considered something of an anti-pattern. See:
   http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
   http://webcache.googleusercontent.com/search?q=cache:2nTvpCgKZXIJ:www.2uo.de/myths-about-urandom/+&cd=3&hl=en&ct=clnk&gl=us

1 files changed, 4 insertions, 2 deletions

diff --git a/paramiko/kex_group1.py b/paramiko/kex_group1.py
index 3dfb7f18..bc88202c 100644
--- a/paramiko/kex_group1.py
+++ b/paramiko/kex_group1.py
@@ -21,6 +21,8 @@ Standard SSH key exchange ("kex" if you wanna sound cool).  Diffie-Hellman of
 1024 bit key halves, using a known "p" prime and "g" generator.
 """
 
+import os
+
 from Crypto.Hash import SHA
 
 from paramiko import util
@@ -82,7 +84,7 @@ class KexGroup1(object):
         # potential x where the first 63 bits are 1, because some of those will be
         # larger than q (but this is a tiny tiny subset of potential x).
         while 1:
-            x_bytes = self.transport.rng.read(128)
+            x_bytes = os.urandom(128)
             x_bytes = byte_mask(x_bytes[0], 0x7f) + x_bytes[1:]
             if (x_bytes[:8] != b7fffffffffffffff and
                     x_bytes[:8] != b0000000000000000):
@@ -127,7 +129,7 @@ class KexGroup1(object):
         H = SHA.new(hm.asbytes()).digest()
         self.transport._set_K_H(K, H)
         # sign it
-        sig = self.transport.get_server_key().sign_ssh_data(self.transport.rng, H)
+        sig = self.transport.get_server_key().sign_ssh_data(H)
         # send reply
         m = Message()
         m.add_byte(c_MSG_KEXDH_REPLY)