Opened 4 years ago
Closed 4 years ago
#32327 closed Cleanup/optimization (wontfix)
get_random_secret_key() should return a valid secret key
Reported by: | Sumanth Ratna | Owned by: | nobody |
---|---|---|---|
Component: | Core (Management commands) | Version: | 3.1 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
check_secret_key() may return a W009 warning if the output of get_random_secret_key() has less than 5 unique characters. The probability of this occurring is extremely low (2.37595567e-25 if my math is correct), but this seems like a safe check to have anyway.
The patch would be simple: wrap get_random_secret_key()
in a do-while (or a while
, because Python) to ensure that the returned secret key is secure.
Change History (2)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
Description: | modified (diff) |
---|---|
Resolution: | → wontfix |
Status: | new → closed |
Type: | Uncategorized → Cleanup/optimization |
I don't think it's worth complexity, if someone will hit such secret they should buy a lottery ticket and regenerate a secret key.
(by the way, feel free to close since the probability that the described issue occurs is practically 0)