Opened 5 years ago
Closed 5 years ago
#32327 closed Cleanup/optimization (wontfix)
get_random_secret_key() should return a valid secret key
| Reported by: | Sumanth Ratna | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
check_secret_key() may return a W009 warning if the output of get_random_secret_key() has fewer than 5 unique characters. The probability of this occurring is extremely low (2.37595567e-25 if my math is correct), but this seems like a safe check to have anyway.
The patch would be simple: wrap get_random_secret_key() in a do-while (or a while, because Python) to ensure that the returned secret key is secure.
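The check and the retry loop discussed in this ticket, as an added example that is not part of the ticket or of Django's code: it computes the exact probability that a uniformly random key has fewer than 5 unique characters and wraps a generator in the proposed loop. The alphabet, length and threshold mirror Django's `get_random_secret_key()` and the W009 check; `passes_w009` and `checked_secret_key` are hypothetical names.

```python
import secrets
from fractions import Fraction
from math import comb

# Alphabet and key length used by Django's get_random_secret_key(); MIN_UNIQUE
# is the unique-character minimum behind the security.W009 warning.
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LENGTH = 50
MIN_UNIQUE = 5


def surjections(n, k):
    """Count length-n strings over k symbols that use every symbol (inclusion-exclusion)."""
    return sum((-1) ** j * comb(k, j) * (k - j) ** n for j in range(k + 1))


def p_exactly_unique(k, n=KEY_LENGTH, alphabet=len(CHARS)):
    """Exact probability that a uniform random key has exactly k distinct characters."""
    return Fraction(comb(alphabet, k) * surjections(n, k), alphabet ** n)


def p_fewer_unique(threshold=MIN_UNIQUE, n=KEY_LENGTH, alphabet=len(CHARS)):
    """Exact probability that a uniform random key has fewer than `threshold` distinct characters."""
    return sum((p_exactly_unique(k, n, alphabet) for k in range(1, threshold)), Fraction(0))


def passes_w009(key):
    """Hypothetical helper: the length and unique-character conditions of the W009 check."""
    return len(key) >= KEY_LENGTH and len(set(key)) >= MIN_UNIQUE


def checked_secret_key(generate=None, max_tries=10):
    """Hypothetical wrapper: the retry loop proposed in the ticket, with a bounded retry count."""
    generate = generate or (lambda: "".join(secrets.choice(CHARS) for _ in range(KEY_LENGTH)))
    for _ in range(max_tries):
        key = generate()
        if passes_w009(key):
            return key
    # Repeated failures point at a broken random source, not bad luck.
    raise RuntimeError("generator keeps producing low-diversity keys")


if __name__ == "__main__":
    print(f"P(fewer than {MIN_UNIQUE} unique characters) = {float(p_fewer_unique()):.3e}")
    print(checked_secret_key())
```

The bounded retry count turns a persistently weak generator into an error instead of an endless loop.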
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
| Description: | modified (diff) |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
| Type: | Uncategorized → Cleanup/optimization |
I don't think it's worth the complexity. If someone hits such a secret, they should buy a lottery ticket and regenerate a secret key.
(by the way, feel free to close since the probability that the described issue occurs is practically 0)