From c12e281e4e9251a56da759018910476201b8ba09 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 14 Jul 2022 17:24:56 +0530
Subject: [PATCH] Island: Use secrets instead of Crypto (pycryptodome) in DataStoreEncryptor
---
 .../cc/server_utils/encryption/data_store_encryptor.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
index 0677df95c..c5af78cbd 100644
--- a/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
+++ b/monkey/monkey_island/cc/server_utils/encryption/data_store_encryptor.py
@@ -1,9 +1,8 @@
 import os
+import secrets
 from pathlib import Path
 from typing import Union
-from Crypto import Random # noqa: DUO133 # nosec: B413
-
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 from .i_encryptor import IEncryptor
@@ -38,8 +37,7 @@ class DataStoreEncryptor(IEncryptor):
 return KeyBasedEncryptor(plaintext_key)
 def _create_key(self) -> KeyBasedEncryptor:
- # TODO: Can we just use secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)?
- plaintext_key = Random.new().read(DataStoreEncryptor._KEY_LENGTH_BYTES)
+ plaintext_key = secrets.token_bytes(DataStoreEncryptor._KEY_LENGTH_BYTES)
 encrypted_key = self._password_based_encryptor.encrypt(plaintext_key)
 with open_new_securely_permissioned_file(str(self._key_file), "wb") as f:
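Review bot: In the second hunk, `_create_key` has no docstring or comment saying that the data-store key must come from a cryptographically secure generator, and the commit deletes the only comment on that line. I would add `# Key material: must come from the OS CSPRNG (secrets), never the random module.` above the new assignment, so a later refactor does not swap in a non-cryptographic source. `secrets.token_bytes(n)` returns exactly n bytes, so the key length is unchanged as long as `_KEY_LENGTH_BYTES` is an integer; it is defined outside the hunk, so whether it matches the key size `KeyBasedEncryptor` expects cannot be confirmed here. The function's `with` block continues past the end of the hunk, so how the encrypted key is written is also not visible.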