zulip/confirmation
Anders Kaseorg b7b7475672 python: Use standard secrets module to generate random tokens.
There are three functional side effects:

• Correct an insignificant but mathematically offensive bias toward
repeated characters in generate_api_key introduced in commit
47b4283c4b4c70ecde4d3c8de871c90ee2506d87; its entropy is increased
from 190.52864 bits to 190.53428 bits.

• Use the base32 alphabet in confirmation.models.generate_key; its
entropy is reduced from 124.07820 bits to the documented 120 bits, but
now it uses 1 syscall instead of 24.

• Use the base32 alphabet in get_bigbluebutton_url; its entropy is
reduced from 51.69925 bits to 50 bits, but now it uses 1 syscall
instead of 10.

(The base32 alphabet is A-Z 2-7.  We could probably replace all of
these with plain secrets.token_urlsafe, since I expect most callers
can handle the full urlsafe_b64 alphabet A-Z a-z 0-9 - _ without
problems.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-09 15:52:57 -07:00
..
management
migrations python: Sort imports with isort. 2020-06-11 16:45:32 -07:00
CHANGELOG.txt
LICENSE.txt
README.txt
__init__.py python: Modernize legacy Python 2 syntax with pyupgrade. 2020-04-09 16:43:22 -07:00
models.py python: Use standard secrets module to generate random tokens. 2020-09-09 15:52:57 -07:00
settings.py invitations: Revoke remaining invitations after user registers. 2020-05-27 15:37:16 -07:00

README.txt

===================
Django Confirmation
===================

This is a generic object confirmation system for Django applications.

For installation instructions, see the file "INSTALL.txt" in this
directory; for instructions on how to use this application, and on
what it provides, see the file "overview.txt" in the "docs/"
directory.