simplify by removing hashes of random numbers

There may be circumstances where hashing random numbers might be useful, but in order to justify it we would need to know something about the generator that provides them. However, checking with strace shows that the CSPRNG in Crypto.Random may not reseed its entropy enough, so we might ultimately want to use a different one. It only reseeds 8 bytes per call even if you read megabytes of random numbers from it!
2026-01-26 07:41:33 +03:00 · 2012-07-15 16:16:28 -07:00
parent a5c70283e8
commit ad71e39d31
2 changed files with 5 additions and 18 deletions
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -1,9 +1,7 @@
 #!/usr/bin/env python

-import web, redis, time
+import web, redis, time, binascii
 import CSR
-import hashlib
-import hmac
 import hashcash
 from CSR import M2Crypto
 from Crypto import Random
@@ -24,15 +22,9 @@ urls = (
     '.*', 'session'
 )

-def sha256(m):
-    return hashlib.sha256(m).hexdigest()
-
-def hmac(k, m):
-    return hmac.new(k, m, hashlib.sha256).hexdigest()
-
 def random():
    """Return 64 hex digits representing a new 32-byte random number."""
-    return sha256(Random.get_random_bytes(32))
+    return binascii.hexlify(Random.get_random_bytes(32))

 def safe(what, s):
    """Is string s within the allowed-character policy for this field?"""
@@ -337,8 +329,6 @@ class session(object):

    def POST(self):
        web.header("Content-type", "application/x-protobuf+chocolate")
-#        web.setcookie("chocolate", hmac("foo", "bar"),
-#                       secure=True) # , httponly=True)
        m = chocolatemessage()
        r = chocolatemessage()
        r.chocolateversion = 1
--- a/server-ca/daemon.py
+++ b/server-ca/daemon.py
@@ -48,7 +48,7 @@
 # the server or the daemon (due to timeout or error) causes
 # a session to be treated as dead by both.

-import redis, redis_lock, time, CSR, sys, signal, hashlib
+import redis, redis_lock, time, CSR, sys, signal, binascii
 from sni_challenge.verify import verify_challenge
 from Crypto import Random

@@ -86,16 +86,13 @@ def ancient(session, state):
        return True
    return False

-def sha256(m):
-    return hashlib.sha256(m).hexdigest()
-
 def random():
    """Return 64 hex digits representing a new 32-byte random number."""
-    return sha256(Random.get_random_bytes(32))
+    return binascii.hexlify(Random.get_random_bytes(32))

 def random_raw():
    """Return 32 random bytes."""
-    return hashlib.sha256(Random.get_random_bytes(32)).digest()
+    return Random.get_random_bytes(32)

 def makechallenge(session):
    if r.hget(session, "live") != "True":