diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-03-29 19:22:36 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-03-29 19:22:36 -0700 |
commit | 6f211115f49edcea7d23b764d7cf3a84ff12f5f0 (patch) | |
tree | 093859d4a75d3ccb361974439f61a01e7dc2b2b4 /paramiko/primes.py | |
parent | 5a430def22aa5cbd755f347c8714e4140d6cdcab (diff) | |
download | paramiko-6f211115f49edcea7d23b764d7cf3a84ff12f5f0.tar.gz |
Switch from using PyCrypto's Random to using os.urandom.
There's several reasons for this change:
1) It's faster for reads up to 1024 bytes (nearly 10x faster for 16 byte reads)
2) It receives considerably more security review since it's in the kernel.
3) It's yet another step towards running on PyPy.
4) Using userspace CSPRNGs is considered something of an anti-pattern. See:
http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
http://webcache.googleusercontent.com/search?q=cache:2nTvpCgKZXIJ:www.2uo.de/myths-about-urandom/+&cd=3&hl=en&ct=clnk&gl=us
Diffstat (limited to 'paramiko/primes.py')
-rw-r--r-- | paramiko/primes.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/paramiko/primes.py b/paramiko/primes.py index 58d158c8..33cd6510 100644 --- a/paramiko/primes.py +++ b/paramiko/primes.py @@ -20,6 +20,8 @@ Utility functions for dealing with primes. """ +import os + from Crypto.Util import number from paramiko import util @@ -27,12 +29,12 @@ from paramiko.py3compat import byte_mask, long from paramiko.ssh_exception import SSHException -def _generate_prime(bits, rng): +def _generate_prime(bits): """primtive attempt at prime generation""" hbyte_mask = pow(2, bits % 8) - 1 while True: # loop catches the case where we increment n into a higher bit-range - x = rng.read((bits + 7) // 8) + x = os.urandom((bits + 7) // 8) if hbyte_mask > 0: x = byte_mask(x[0], hbyte_mask) + x[1:] n = util.inflate_long(x, 1) @@ -45,7 +47,7 @@ def _generate_prime(bits, rng): return n -def _roll_random(rng, n): +def _roll_random(n): """returns a random # from 0 to N-1""" bits = util.bit_length(n - 1) byte_count = (bits + 7) // 8 @@ -58,7 +60,7 @@ def _roll_random(rng, n): # fits, so i can't guarantee that this loop will ever finish, but the odds # of it looping forever should be infinitesimal. while True: - x = rng.read(byte_count) + x = os.urandom(byte_count) if hbyte_mask > 0: x = byte_mask(x[0], hbyte_mask) + x[1:] num = util.inflate_long(x, 1) @@ -73,11 +75,10 @@ class ModulusPack (object): on systems that have such a file. """ - def __init__(self, rpool): + def __init__(self): # pack is a hash of: bits -> [ (generator, modulus) ... ] self.pack = {} self.discarded = [] - self.rng = rpool def _parse_modulus(self, line): timestamp, mod_type, tests, tries, size, generator, modulus = line.split() @@ -147,5 +148,5 @@ class ModulusPack (object): if min > good: good = bitsizes[-1] # now pick a random modulus of this bitsize - n = _roll_random(self.rng, len(self.pack[good])) + n = _roll_random(len(self.pack[good])) return self.pack[good][n] |