[Core] [WebUI] Increase RSA key size and improve hashing

* Replace weak hashing functions, key sizes, and random number
      generation techniques with less weak versions to prevent
      crashes when running with the fips module loaded.

deluge/core/rpcserver.py

@@ -528,10 +528,10 @@ def generate_ssl_keys():
     """
     This method generates a new SSL key/cert.
     """
-    digest = "md5"
+    digest = "sha256"
     # Generate key pair
     pkey = crypto.PKey()
-    pkey.generate_key(crypto.TYPE_RSA, 1024)
+    pkey.generate_key(crypto.TYPE_RSA, 2048)
 
     # Generate cert request
     req = crypto.X509Req()
@@ -544,7 +544,7 @@ def generate_ssl_keys():
     cert = crypto.X509()
     cert.set_serial_number(0)
     cert.gmtime_adj_notBefore(0)
-    cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 5)  # Five Years
+    cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 3)  # Three Years
     cert.set_issuer(req.get_subject())
     cert.set_subject(req.get_subject())
     cert.set_pubkey(req.get_pubkey())

deluge/ui/web/auth.py

@@ -9,7 +9,7 @@
 
 import hashlib
 import logging
-import random
+import os
 import time
 from datetime import datetime, timedelta
 from email.utils import formatdate
@@ -108,11 +108,8 @@ class Auth(JSONComponent):
         only for future use currently.
         :type login: string
         """
-        m = hashlib.md5()
+        m = hashlib.sha256()
-        m.update(login)
+        m.update(os.urandom(32))
-        m.update(str(time.time()))
-        m.update(str(random.getrandbits(40)))
-        m.update(m.hexdigest())
         session_id = m.hexdigest()
 
         config = component.get("DelugeWeb").config
@@ -248,7 +245,7 @@ class Auth(JSONComponent):
         :type new_password: string
         """
         log.debug("Changing password")
-        salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
+        salt = hashlib.sha1(os.urandom(32)).hexdigest()
         s = hashlib.sha1(salt)
         s.update(utf8_encoded(new_password))
         config = component.get("DelugeWeb").config