cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhaisaab <...@git.apache.org>
Subject [GitHub] cloudstack pull request: Cloudstack 8868: use PasswordGenerator.ge...
Date Wed, 16 Sep 2015 09:27:22 GMT
Github user bhaisaab commented on the pull request:

    https://github.com/apache/cloudstack/pull/841#issuecomment-140684521
  
    I think the PasswordGenerator.generateRandomPassword (from utils) is not secure at all
for small lengths (such as the default 6), since it's not really random ("random 3-character
string with a lowercase character, uppercase character, and a digit" + random n-character
string with only lowercase characters") and one could create a rainbow table to attempt to
get into systemvms. In case of uservms, it is advised to change the password; but in case
of systemvms it will be an issue. In case of systemvms, may be we can still directly use the
PasswordGenerator util but increase the length to 24 or 32 or 24+rand integer?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message