Don't generate insecure passwords where it's easy to use urandom instead

nova/console/manager.py

@@ -69,7 +69,7 @@ class ConsoleProxyManager(manager.Manager):
         except exception.NotFound:
             logging.debug(_("Adding console"))
             if not password:
-                password = self.driver.generate_password()
+                password = utils.generate_password(8)
             if not port:
                 port = self.driver.get_port(context)
             console_data = {'instance_name': name,

nova/console/xvp.py

@@ -91,10 +91,6 @@ class XVPConsoleProxy(object):
         """Trim password to length, and encode"""
         return self._xvp_encrypt(password)
 
-    def generate_password(self, length=8):
-        """Returns random console password"""
-        return os.urandom(length * 2).encode('base64')[:length]
-
     def _rebuild_xvp_conf(self, context):
         logging.debug(_("Rebuilding xvp conf"))
         pools = [pool for pool in

nova/utils.py

@@ -263,12 +263,17 @@ def generate_mac():
 
 
 def generate_password(length=20):
-    """Generate a random sequence of letters and digits
-    to be used as a password. Note that this is not intended
-    to represent the ultimate in security.
+    """Generate a random alphanumeric password, avoiding 'confusing' O,0,I,1.
+
+    Believed to be reasonably secure (with a reasonable password length!)
     """
-    chrs = string.letters + string.digits
-    return "".join([random.choice(chrs) for i in xrange(length)])
+    # 26 letters, 10 digits = 36
+    # Remove O, 0, I, 1 => 32 digits
+    # 32 digits means we're just using the low 5 bit of each byte
+    chrs = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
+
+    random_bytes = os.urandom(length)
+    return "".join([chrs[ord(random_bytes[i]) % 32] for i in xrange(length)])
 
 
 def last_octet(address):