diff --git a/salt/auth/__init__.py b/salt/auth/__init__.py index f7e7512a17..d87790891a 100644 --- a/salt/auth/__init__.py +++ b/salt/auth/__init__.py @@ -93,7 +93,7 @@ class LoadAuth(object): if f_time > self.max_fail: self.max_fail = f_time deviation = self.max_fail / 4 - r_time = random.uniform( + r_time = random.SystemRandom().uniform( self.max_fail - deviation, self.max_fail + deviation ) diff --git a/salt/modules/grains.py b/salt/modules/grains.py index 0e338494e8..b898456eaa 100644 --- a/salt/modules/grains.py +++ b/salt/modules/grains.py @@ -486,7 +486,7 @@ def get_or_set_hash(name, ret = get(name, None) if ret is None: - val = ''.join([random.choice(chars) for _ in range(length)]) + val = ''.join([random.SystemRandom().choice(chars) for _ in range(length)]) if ':' in name: name, rest = name.split(':', 1) diff --git a/salt/modules/mac_user.py b/salt/modules/mac_user.py index ee64b66a64..a1b7c4633e 100644 --- a/salt/modules/mac_user.py +++ b/salt/modules/mac_user.py @@ -116,7 +116,7 @@ def add(name, # Set random password, since without a password the account will not be # available. TODO: add shadow module randpass = ''.join( - random.choice(string.letters + string.digits) for x in xrange(20) + random.SystemRandom().choice(string.letters + string.digits) for x in xrange(20) ) _dscl('/Users/{0} {1!r}'.format(name, randpass), ctype='passwd') diff --git a/salt/modules/rabbitmq.py b/salt/modules/rabbitmq.py index 08f71384fc..fc22de0947 100644 --- a/salt/modules/rabbitmq.py +++ b/salt/modules/rabbitmq.py @@ -139,7 +139,7 @@ def add_user(name, password=None, runas=None): if password is None: # Generate a random, temporary password. RabbitMQ requires one. clear_pw = True - password = ''.join(random.choice( + password = ''.join(random.SystemRandom().choice( string.ascii_uppercase + string.digits) for x in range(15)) res = __salt__['cmd.run']( diff --git a/salt/modules/test.py b/salt/modules/test.py index a643631e47..11058814af 100644 --- a/salt/modules/test.py +++ b/salt/modules/test.py @@ -404,7 +404,7 @@ def rand_str(size=9999999999): salt '*' test.rand_str ''' hasher = getattr(hashlib, __opts__.get('hash_type', 'md5')) - return hasher(str(random.randint(0, size))).hexdigest() + return hasher(str(random.SystemRandom().randint(0, size))).hexdigest() def exception(message='Test Exception'): diff --git a/salt/modules/znc.py b/salt/modules/znc.py index d5023dcf41..5d00443080 100644 --- a/salt/modules/znc.py +++ b/salt/modules/znc.py @@ -46,7 +46,7 @@ def _makepass(password, hasher='sha256'): "0123456789!?.,:;/*-+_()" r = { 'Method': h.name, - 'Salt': ''.join(random.choice(c) for x in xrange(20)), + 'Salt': ''.join(random.SystemRandom().choice(c) for x in xrange(20)), } # Salt the password hash diff --git a/salt/wheel/key.py b/salt/wheel/key.py index 75500604bc..96a282e564 100644 --- a/salt/wheel/key.py +++ b/salt/wheel/key.py @@ -79,7 +79,7 @@ def gen(id_=None, keysize=2048): returned as a dict containing pub and priv keys ''' if id_ is None: - id_ = hashlib.sha512(str(random.randint(0, 99999999))).hexdigest() + id_ = hashlib.sha512(str(random.SystemRandom().randint(0, 99999999))).hexdigest() ret = {'priv': '', 'pub': ''} priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize)