From b4de311b0c04d9ac4e576a7d72e47fe48ca5e405 Mon Sep 17 00:00:00 2001
From: Olivier Dony
Date: Wed, 29 Jul 2015 13:48:12 +0200
Subject: [PATCH] [FIX] auth_crypt: use system random number generator Switch to system random as number generator instead of the default PRNG, which is not recommended for generating security-related values such as unique tokens. (Complements parent commit) Closes #7761
---
 addons/auth_crypt/auth_crypt.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/addons/auth_crypt/auth_crypt.py b/addons/auth_crypt/auth_crypt.py
index 9724b511a05..3aac70c1a59 100644
--- a/addons/auth_crypt/auth_crypt.py
+++ b/addons/auth_crypt/auth_crypt.py
@@ -11,7 +11,7 @@
 import hashlib
 import hmac
 import logging
-from random import sample
+import random
 from string import ascii_letters, digits
 import openerp
@@ -28,7 +28,7 @@ res_users.USER_PRIVATE_FIELDS.append('password_crypt')
 def gen_salt(length=8, symbols=None):
 if symbols is None:
 symbols = ascii_letters + digits
- return ''.join(sample(symbols, length))
+ return ''.join(random.SystemRandom().sample(symbols, length))
 def md5crypt( raw_pw, salt, magic=magic_md5 ):
 """ md5crypt FreeBSD crypt(3) based on but different from md5
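Review bot: The new `return` line in `gen_salt` still calls `sample()`, which draws without replacement, so even with the system RNG no character can repeat within a salt. This makes the set of possible salts smaller than independent draws would give, and any `length` greater than `len(symbols)` raises `ValueError`. Drawing each character independently avoids both: `return ''.join(random.SystemRandom().choice(symbols) for _ in range(length))`. A one-line comment above it, such as `# salts must come from the OS CSPRNG, never the default Mersenne Twister PRNG`, would record why `SystemRandom` is required so that a later cleanup does not revert to the module-level functions.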