cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Duffy <...@ianduffy.ie>
Subject Re: vm.password.length issue in 4.4.1-SNAPSHOT
Date Mon, 13 Oct 2014 18:54:53 GMT
Hey Nux,

So I passed this work off to a util class that was already present in the
code base "PasswordGenerator"

    @Override
    public String generateRandomPassword() {
        Integer passwordLength =
Integer.parseInt(_configDao.getValue("vm.password.length"));
        return PasswordGenerator.generateRandomPassword(passwordLength);
    }

Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random characters.

    public static String generateRandomPassword(int num) {
        Random r = new SecureRandom();
        StringBuilder password = new StringBuilder();

        // Generate random 3-character string with a lowercase character,
        // uppercase character, and a digit

password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));

        // Generate a random n-character string with only lowercase
        // characters
        for (int i = 0; i < num; i++) {
            password.append(generateLowercaseChar(r));
        }

        return password.toString();
    }

The unit tests seem to accommodate for this aswell:

        // actual length is requested length + 3

Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);

Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);

I'm guessing there's some reasoning for this.... CCing Laszlo who according
to git log did some work on this class.

Thanks,

Ian

On 13 October 2014 19:39, Nux! <nux@li.nux.ro> wrote:

> Hello,
>
> First of all "THANKS!" to whoever made this feature happen (Ian I guess).
> Now we can set more secure passwords generated for our instances.
>
> Second, the feature works, but with a small glitch, the number seems to be
> affected by some sort of offset. I.e. if I set the password to be 15 chars
> in length then the generated password will actually be 18 chars.
> In order to get a 15 chars long passwd I had to set vm.password.length to
> 12. Bug or feature? :)
>
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message