Opened 3 years ago

Closed 3 years ago

#32327 closed Cleanup/optimization (wontfix)

get_random_secret_key() should return a valid secret key

Reported by: Sumanth Ratna
Owned by: nobody
Component: Core (Management commands)
Version: 3.1
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description (last modified by Mariusz Felisiak)

check_secret_key() may return a W009 warning if the output of get_random_secret_key() has fewer than 5 unique characters. The probability of this occurring is extremely low (2.37595567e-25 if my math is correct), but this seems like a safe check to have anyway.

The patch would be simple: wrap get_random_secret_key() in a do-while (or a while, because Python) to ensure that the returned secret key is secure.
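The check and retry loop described above, as an added example that is not Django's code or part of the ticket. The alphabet, key length and thresholds are assumed to mirror Django's generator and W009 check; all function names and `max_attempts` are hypothetical. It also computes the exact probability of drawing a key with too few unique characters, so the estimate can be checked.

```python
import secrets
from fractions import Fraction
from math import comb

# Assumed to mirror Django's values; copied here so the example runs without Django.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LENGTH = 50
MIN_LENGTH = 50  # assumed SECRET_KEY_MIN_LENGTH
MIN_UNIQUE = 5   # assumed SECRET_KEY_MIN_UNIQUE_CHARACTERS


def passes_w009(key):
    """True if the key meets the length and unique-character thresholds."""
    return len(key) >= MIN_LENGTH and len(set(key)) >= MIN_UNIQUE


def random_key():
    """Draw KEY_LENGTH characters uniformly from ALPHABET using a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))


def random_valid_key(generate=random_key, max_attempts=10):
    """The loop proposed in the ticket: regenerate until the key passes.

    max_attempts is an assumption added here so a broken key source
    fails loudly instead of looping forever.
    """
    for _ in range(max_attempts):
        key = generate()
        if passes_w009(key):
            return key
    raise RuntimeError("key source keeps producing weak keys")


def prob_fewer_unique_than(limit=MIN_UNIQUE, n=KEY_LENGTH, a=len(ALPHABET)):
    """Exact probability that n uniform draws from a symbols
    contain fewer than `limit` distinct symbols."""
    total = 0
    for k in range(1, limit):
        # Strings of length n that use all of k chosen symbols
        # (inclusion-exclusion over the symbols left out).
        onto = sum((-1) ** j * comb(k, j) * (k - j) ** n for j in range(k + 1))
        total += comb(a, k) * onto
    return Fraction(total, a ** n)


if __name__ == "__main__":
    print(random_valid_key())
    print(float(prob_fewer_unique_than()))
```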

Change History (2)

comment:1 by Sumanth Ratna, 3 years ago

(by the way, feel free to close since the probability that the described issue occurs is practically 0)

comment:2 by Mariusz Felisiak, 3 years ago

Description: modified (diff)
Resolution: wontfix
Status: new → closed
Type: Uncategorized → Cleanup/optimization

I don't think it's worth the complexity; if someone hits such a secret, they should buy a lottery ticket and regenerate a secret key.
