Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1229474

Summary: RFC: anaconda appears to generate salt password strings from a pseudo random number generator
Product: Red Hat Enterprise Linux 7 Reporter: Paulo Andrade <pandrade>
Component: anacondaAssignee: Brian Lane <bcl>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.0CC: mbanas, pkotvan, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: anaconda-21.48.22.58-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 23:07:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1229472    
Bug Blocks:    

Description Paulo Andrade 2015-06-08 21:25:42 UTC 
Looking at the code:

https://git.fedorahosted.org/cgit/anaconda.git/tree/pyanaconda/users.py?h=rhel7-branch#n114

And checking /dev/urandom usage in, e.g.:

---8<---
strace -f python -c 'import random; import string;salt = ""
for i in range(16):
    salt = salt + random.choice(string.letters+string.digits+"./"); print salt' 2>&1|less
---8<---

I see it does not use /dev/urandom.

This example actually uses:

---8<---
strace -f python -c "import crypt; print crypt.crypt('secret-password', crypt.mksalt(crypt.METHOD_SHA512))" 2>&1|less
---8<---

and generates a 16 byte salt as well.
Comment 2 Brian Lane 2015-06-09 00:05:51 UTC 
Note that development has moved to: https://github.com/rhinstaller/anaconda/tree/rhel7-branch

According to the python random manpage it should be seeding from the OS random source when it is available. I wonder why you're not seeing that.
Comment 3 Paulo Andrade 2015-06-09 00:33:09 UTC 
Testing on updated rhel7.

strace shows only this reference to /dev/urandom
(with some extra context),

---8<---
open("/usr/lib64/python2.7/lib-dynload/_randommodule.so", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=16328, ...}) = 0
open("/usr/lib64/python2.7/lib-dynload/_randommodule.so", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\23\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=16328, ...}) = 0
mmap(NULL, 2110512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f3077dd7000
mprotect(0x7f3077dda000, 2093056, PROT_NONE) = 0
mmap(0x7f3077fd9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f3077fd9000
close(5)                                = 0
mprotect(0x7f3077fd9000, 4096, PROT_READ) = 0
close(4)                                = 0
open("/dev/urandom", O_RDONLY)          = 4
read(4, "?\322?\241\373\230\3110\r\\X\1\352U\320Y", 16) = 16
close(4)                                = 0
---8<---

so it should indeed be using it to seed the (pseudo)
random number generator. But I am unsure if it is good
enough for password salts; more likely it is good for
a "fast" random number generator.
Comment 4 Tomas Mraz 2015-06-09 08:30:03 UTC 
The salt security requirements are not as high as requirements for other cryptographic primitives which require randomness. As long as the pseudorandom generator is properly seeded and is not severely crippled it should be fine. The only requirement of salt is that the salt value should at least approximately uniformly cover the possible salt values. With 16 character salt the approximation can be also very rough as such salt is well over a required minimum length.
Comment 5 Paulo Andrade 2015-06-09 12:42:58 UTC 
I think the major issue in the way anaconda does it
is to, 16 times, choose a pseudo random value from
python's 'string.letters+string.digits+"./"', what
kind of divides a byte by 4, so, it essentially
instead of 128 bits, becomes 32+ bit. If it were
some kind of modulo 64+ it would be better, but
I would still be more confident if it uses the
python crypt module.
Comment 6 Brian Lane 2015-10-21 18:25:13 UTC 
Note that the crypt.mksalt in python 2.7 isn't as good as what we are already doing. It was fixed in 3.4 to use .choice instead of .sample so our method is actually the same as mksalt in the current python code.

https://bugs.python.org/issue18405

I've modified this code a bit in upstream Fedora, https://github.com/rhinstaller/anaconda/pull/421 so it is more clear that urandom is used, and so that the code is shared between the user creation and bootloader password.
Comment 9 Peter Kotvan 2016-09-06 07:59:55 UTC 
Verified on RHEL-7.3-20160901.1 with anaconda-21.48.22.86-1.
Comment 11 errata-xmlrpc 2016-11-03 23:07:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2158.html