From db26427f9d3a3f5af115601bf60092df9a2aa95f Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Mon, 8 Apr 2024 15:33:51 -0700 Subject: [PATCH] Increase token size to 32 bytes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fix bumps the token size from 16 to 32 bytes in order to match the default minimum entropy as recommended by Python docs. Note, that there is also a comparison to a constant TOKEN_ΜΙΝ_LEN where one module assumed that length to be characters and another module (utils.py) assumes that length to be bytes. So this fix uses bytes as the meaning from now on. Fixes #4481 Signed-off-by: Eric Brown --- scripts/wrappers/add_token.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/wrappers/add_token.py b/scripts/wrappers/add_token.py index 6cbda8bfd1..be9b0672e0 100644 --- a/scripts/wrappers/add_token.py +++ b/scripts/wrappers/add_token.py @@ -145,7 +145,7 @@ def print_short(token, check): parser.add_argument( "--token", "-t", - help="Specify the bootstrap token to add, must be 32 characters long. " + help="Specify the bootstrap token to add, must be 32 bytes long. " "Auto generates when empty.", ) parser.add_argument( @@ -163,10 +163,10 @@ def print_short(token, check): if args.token is not None: token = args.token else: - token = token_hex(16) + token = token_hex(32) if len(token) < TOKEN_ΜΙΝ_LEN: - print("Invalid token size. It must be 32 characters long.") + print("Invalid token size. It must be 32 bytes long.") exit(1) add_token_with_expiry(token, cluster_tokens_file, ttl)