Fixed #27635 -- Used secrets module in django.utils.crypto.

author: Nick Pope <nick.pope@flightdataservices.com> 2019-05-15 22:45:17 +0100
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-05-20 11:21:22 +0200
commit: 1d0bab0bfd77edcf1228d45bf654457a8ff1890d (patch)
tree: c129fc44554ea57c40dd3f7e50272855dc10591e /django/utils/crypto.py
parent: 068005a349f80b3c6c724cc7a2d0b0c44413f463 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index b1daa9be37..eeb55af066 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -3,7 +3,7 @@ Django's standard crypto functions and utilities.
 """
 import hashlib
 import hmac
-import random
+import secrets
 
 from django.conf import settings
 from django.utils.encoding import force_bytes
@@ -43,12 +43,12 @@ def get_random_string(length=12,
     The default length of 12 with the a-z, A-Z, 0-9 character set returns
     a 71-bit value. log_2((26+26+10)^12) =~ 71 bits
     """
-    return ''.join(random.choice(allowed_chars) for i in range(length))
+    return ''.join(secrets.choice(allowed_chars) for i in range(length))
 
 
 def constant_time_compare(val1, val2):
     """Return True if the two strings are equal, False otherwise."""
-    return hmac.compare_digest(force_bytes(val1), force_bytes(val2))
+    return secrets.compare_digest(force_bytes(val1), force_bytes(val2))
 
 
 def pbkdf2(password, salt, iterations, dklen=0, digest=None):
author	Nick Pope <nick.pope@flightdataservices.com>	2019-05-15 22:45:17 +0100
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-05-20 11:21:22 +0200
commit	1d0bab0bfd77edcf1228d45bf654457a8ff1890d (patch)
tree	c129fc44554ea57c40dd3f7e50272855dc10591e /django/utils/crypto.py
parent	068005a349f80b3c6c724cc7a2d0b0c44413f463 (diff)