Imho, considering the password is not very secure (it's missing symbols), we should increase the length. For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Amogh Vasekar" <amogh.vase...@citrix.com>
> To: dev@cloudstack.apache.org
> Cc: "laszlo hornyak" <laszlo.horn...@gmail.com>
> Sent: Saturday, 25 October, 2014 00:37:07
> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT

> Hi Laszlo,
>
> Any comments on the below? I agree adding 3 characters is a bug and
> willing to fix it.
>
> In addition, Ian, I believe we should set a minimum allowed value for the
> config value vm.password.length. Any objections to setting the minimum to
> 8, the previous default?
>
> Thanks
> Amogh
>
> On 10/13/14 5:34 PM, "Ian Duffy" <i...@ianduffy.ie> wrote:
>
>>The only other usage of it is within
>>server/src/com/cloud/server/ConfigurationServerImpl.java
>>It's used for creating a Secondary storage vm copy password.
>>
>>I'm seeing absolutely no reason why we have 3 values going in no matter
>>what, I'm willing to say it's a bug. I'm curious to why the tests are
>>written to deal with it though....
>>
>>On 14 October 2014 00:26, Nux! <n...@li.nux.ro> wrote:
>>
>>> Well, it's a bit messy, but still better than the old password length.
>>> Ideally this should get clarified/fixed, but for now I am happy with my
>>> long+3 password! :)
>>>
>>>
>>> Cheers,
>>> Lucian
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> ----- Original Message -----
>>> > From: "Ian Duffy" <i...@ianduffy.ie>
>>> > To: "CloudStack Dev" <dev@cloudstack.apache.org>
>>> > Cc: "laszlo hornyak" <laszlo.horn...@gmail.com>
>>> > Sent: Monday, 13 October, 2014 19:54:53
>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>>
>>> > Hey Nux,
>>> >
>>> > So I passed this work off to a util class that was already present in the
>>> > code base "PasswordGenerator"
>>> >
>>> >     @Override
>>> >     public String generateRandomPassword() {
>>> >         Integer passwordLength =
>>> >             Integer.parseInt(_configDao.getValue("vm.password.length"));
>>> >         return PasswordGenerator.generateRandomPassword(passwordLength);
>>> >     }
>>> >
>>> > Not a clue why but the generateRandomPassword method creates a random
>>> > 3-character string first then loops through to generate n random characters.
>>> >
>>> >     public static String generateRandomPassword(int num) {
>>> >         Random r = new SecureRandom();
>>> >         StringBuilder password = new StringBuilder();
>>> >
>>> >         // Generate random 3-character string with a lowercase character,
>>> >         // uppercase character, and a digit
>>> >         password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
>>> >
>>> >         // Generate a random n-character string with only lowercase
>>> >         // characters
>>> >         for (int i = 0; i < num; i++) {
>>> >             password.append(generateLowercaseChar(r));
>>> >         }
>>> >
>>> >         return password.toString();
>>> >     }
>>> >
>>> > The unit tests seem to accommodate for this as well:
>>> >
>>> >     // actual length is requested length + 3
>>> >     Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() == 3);
>>> >     Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() == 4);
>>> >
>>> > I'm guessing there's some reasoning for this.... CCing Laszlo who according
>>> > to git log did some work on this class.
>>> >
>>> > Thanks,
>>> >
>>> > Ian
>>> >
>>> > On 13 October 2014 19:39, Nux! <n...@li.nux.ro> wrote:
>>> >
>>> >> Hello,
>>> >>
>>> >> First of all "THANKS!" to whoever made this feature happen (Ian I guess).
>>> >> Now we can set more secure passwords generated for our instances.
>>> >>
>>> >> Second, the feature works, but with a small glitch, the number seems to be
>>> >> affected by some sort of offset. I.e. if I set the password to be 15 chars
>>> >> in length then the generated password will actually be 18 chars.
>>> >> In order to get a 15 chars long passwd I had to set vm.password.length to
>>> >> 12. Bug or feature? :)
>>> >>
>>> >>
>>> >> Lucian
>>> >>
>>> >> --
>>> >> Sent from the Delta quadrant using Borg technology!
>>> >>
>>> >> Nux!
>>> >> www.nux.ro