tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "Use secure RNG for auth delay"

Browse Source 
This reverts commit 7b79c00ae2.
This commit is contained in:
Unrud 2020-05-17 01:35:44 +02:00
parent 4d632a97f3
commit d26ee9e7ed
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
radicale/app/__init__.py
View File

@ -55,8 +55,6 @@ from radicale.app.put import ApplicationPutMixin
from radicale.app.report import ApplicationReportMixin from radicale.app.report import ApplicationReportMixin
from radicale.log import logger from radicale.log import logger
secure_random = random.SystemRandom()
VERSION = pkg_resources.get_distribution("radicale").version VERSION = pkg_resources.get_distribution("radicale").version
@ -254,7 +252,7 @@ class Application(
# Random delay to avoid timing oracles and bruteforce attacks # Random delay to avoid timing oracles and bruteforce attacks
delay = self.configuration.get("auth", "delay") delay = self.configuration.get("auth", "delay")
if delay > 0: if delay > 0:
random_delay = delay * (0.5 + secure_random.random()) random_delay = delay * (0.5 + random.random())
logger.debug("Sleeping %.3f seconds", random_delay) logger.debug("Sleeping %.3f seconds", random_delay)
time.sleep(random_delay) time.sleep(random_delay)