Use uuid4 instead of uuid1 as a base for passwords
uuid1 is intended to be uniq but not unpredictable. Knowing the mac address of the host generating the uuid and what time it was roughly generated at essentially reduces the parts of this uuid that have to be guessed from 128 bits down to less then 48, still a big number but there is no reason not to use the bigger of the two. Change-Id: If5d230a650c267247dc3a98c02a8d3021bb9eaab
This commit is contained in:
parent
aad3455086
commit
cf8efabe0c
@ -327,7 +327,7 @@ def _generate_password(length=40):
|
|||||||
Copied from rdomanager-oscplugin. This should eventually live in
|
Copied from rdomanager-oscplugin. This should eventually live in
|
||||||
tripleo-common.
|
tripleo-common.
|
||||||
"""
|
"""
|
||||||
uuid_str = six.text_type(uuid.uuid1()).encode("UTF-8")
|
uuid_str = six.text_type(uuid.uuid4()).encode("UTF-8")
|
||||||
return hashlib.sha1(uuid_str).hexdigest()[:length]
|
return hashlib.sha1(uuid_str).hexdigest()[:length]
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user