cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: vm.password.length issue in 4.4.1-SNAPSHOT
Date Mon, 13 Oct 2014 23:26:47 GMT
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my long+3 password! :)


Cheers,
Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Ian Duffy" <ian@ianduffy.ie>
> To: "CloudStack Dev" <dev@cloudstack.apache.org>
> Cc: "laszlo hornyak" <laszlo.hornyak@gmail.com>
> Sent: Monday, 13 October, 2014 19:54:53
> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT

> Hey Nux,
> 
> So I passed this work off to a util class that was already present in the
> code base "PasswordGenerator"
> 
>    @Override
>    public String generateRandomPassword() {
>        Integer passwordLength =
> Integer.parseInt(_configDao.getValue("vm.password.length"));
>        return PasswordGenerator.generateRandomPassword(passwordLength);
>    }
> 
> Not a clue why but the generateRandomPassword method creates a random
> 3-character string first then loops through to generate n random characters.
> 
>    public static String generateRandomPassword(int num) {
>        Random r = new SecureRandom();
>        StringBuilder password = new StringBuilder();
> 
>        // Generate random 3-character string with a lowercase character,
>        // uppercase character, and a digit
> 
> password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
> 
>        // Generate a random n-character string with only lowercase
>        // characters
>        for (int i = 0; i < num; i++) {
>            password.append(generateLowercaseChar(r));
>        }
> 
>        return password.toString();
>    }
> 
> The unit tests seem to accommodate for this aswell:
> 
>        // actual length is requested length + 3
> 
> Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
> 3);
> 
> Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
> 4);
> 
> I'm guessing there's some reasoning for this.... CCing Laszlo who according
> to git log did some work on this class.
> 
> Thanks,
> 
> Ian
> 
> On 13 October 2014 19:39, Nux! <nux@li.nux.ro> wrote:
> 
>> Hello,
>>
>> First of all "THANKS!" to whoever made this feature happen (Ian I guess).
>> Now we can set more secure passwords generated for our instances.
>>
>> Second, the feature works, but with a small glitch, the number seems to be
>> affected by some sort of offset. I.e. if I set the password to be 15 chars
>> in length then the generated password will actually be 18 chars.
>> In order to get a 15 chars long passwd I had to set vm.password.length to
>> 12. Bug or feature? :)
>>
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro

Mime
View raw message