RE: vm.password.length issue in 4.4.1-SNAPSHOT
What about changing the system VM random passwords to use
generateRandomPassword() instead of generatePresharedKey()? Seems like it
should be the same function.
-Original Message-
From: Ian Duffy [mailto:i...@ianduffy.ie]
Sent: Friday, October 24, 2014 6:00 PM
To: CloudStack Dev
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> I agree adding 3 characters is a bug and willing to fix it.
Me too.. I find it very worrying that the code base has tests that cater
for bugs to be valid input.
Really makes me wonder about the quality of the product.
Anyways... I did a grep of the codebase for usage of the method. Its not used
anywhere else... (Which does make me wonder why it existed in the first place
and if its functionality has been duplicated else where)
> Any objections to setting the minimum to 8, the previous default?
No objections from me.
On 25 October 2014 01:41, Amogh Vasekar wrote:
> Do note that the password generated here is considered temporary, as
> previously pointed out by Chiradeep in another thread.
>
> Thanks
> Amogh
>
> On 10/24/14 5:31 PM, "Nux!" wrote:
>
> >Imho, considering the password is not very secure (it's missing
> >symbols), we should increase the length.
> >For my personal stuff I default to 15 chars.
> >
> >--
> >Sent from the Delta quadrant using Borg technology!
> >
> >Nux!
> >www.nux.ro
> >
> >- Original Message -
> >> From: "Amogh Vasekar"
> >> To: dev@cloudstack.apache.org
> >> Cc: "laszlo hornyak"
> >> Sent: Saturday, 25 October, 2014 00:37:07
> >> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> >
> >> Hi Laszlo,
> >>
> >> Any comments on the below? I agree adding 3 characters is a bug and
> >> willing to fix it.
> >>
> >> In addition, Ian, I believe we should set a minimum allowed value
> >>for the config value vm.password.length. Any objections to setting
> >>the minimum to 8, the previous default?
> >>
> >> Thanks
> >> Amogh
> >>
> >> On 10/13/14 5:34 PM, "Ian Duffy" wrote:
> >>
> >>>The only other usage of it is within
> >>>server/src/com/cloud/server/ConfigurationServerImpl.java
> >>>Its used for creating a Secondary storage vm copy password.
> >>>
> >>>I'm seeing absolutely no reason why we have 3 values going in no
> >>>matter what, I'm willing to say its a bug. I'm curious to why the
> >>>tests are written to deal with it though
> >>>
> >>>On 14 October 2014 00:26, Nux! wrote:
> >>>
> >>>> Well, it's a bit messy, but still better than the old password length.
> >>>> Ideally this should get clarified/fixed, but for now I am happy
> >>>>with my
> >>>> long+3 password! :)
> >>>>
> >>>>
> >>>> Cheers,
> >>>> Lucian
> >>>>
> >>>> --
> >>>> Sent from the Delta quadrant using Borg technology!
> >>>>
> >>>> Nux!
> >>>> www.nux.ro
> >>>>
> >>>> - Original Message -
> >>>> > From: "Ian Duffy"
> >>>> > To: "CloudStack Dev"
> >>>> > Cc: "laszlo hornyak"
> >>>> > Sent: Monday, 13 October, 2014 19:54:53
> >>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> >>>>
> >>>> > Hey Nux,
> >>>> >
> >>>> > So I passed this work off to a util class that was already
> >>>> > present
> >>>>in
> >>>>the
> >>>> > code base "PasswordGenerator"
> >>>> >
> >>>> >@Override
> >>>> >public String generateRandomPassword() {
> >>>> >Integer passwordLength =
> >>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
> >>>> >return
> >>>>PasswordGenerator.generateRandomPassword(passwordLength);
> >>>> >}
> >>>> >
> >>>> > Not a clue why but the generateRandomPassword method creates a
> >>>>random
> >>>> > 3-character string first then loops through to generate n
> >>>> > random
> >>>> characters.
> >>>> >
> >>>> >public static Strin
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Amogh,
I know. In reality it will be used by people until the end of time, you know
how it is.
It's not costing us anything to default to better values rather than just wash
our hands of it.
My 2 pence
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
> From: "Amogh Vasekar"
> To: dev@cloudstack.apache.org
> Cc: "laszlo hornyak"
> Sent: Saturday, 25 October, 2014 01:41:47
> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> Do note that the password generated here is considered temporary, as
> previously pointed out by Chiradeep in another thread.
>
> Thanks
> Amogh
>
> On 10/24/14 5:31 PM, "Nux!" wrote:
>
>>Imho, considering the password is not very secure (it's missing symbols),
>>we should increase the length.
>>For my personal stuff I default to 15 chars.
>>
>>--
>>Sent from the Delta quadrant using Borg technology!
>>
>>Nux!
>>www.nux.ro
>>
>>- Original Message -
>>> From: "Amogh Vasekar"
>>> To: dev@cloudstack.apache.org
>>> Cc: "laszlo hornyak"
>>> Sent: Saturday, 25 October, 2014 00:37:07
>>> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>
>>> Hi Laszlo,
>>>
>>> Any comments on the below? I agree adding 3 characters is a bug and
>>> willing to fix it.
>>>
>>> In addition, Ian, I believe we should set a minimum allowed value for
>>>the
>>> config value vm.password.length. Any objections to setting the minimum
>>>to
>>> 8, the previous default?
>>>
>>> Thanks
>>> Amogh
>>>
>>> On 10/13/14 5:34 PM, "Ian Duffy" wrote:
>>>
>>>>The only other usage of it is within
>>>>server/src/com/cloud/server/ConfigurationServerImpl.java
>>>>Its used for creating a Secondary storage vm copy password.
>>>>
>>>>I'm seeing absolutely no reason why we have 3 values going in no matter
>>>>what, I'm willing to say its a bug. I'm curious to why the tests are
>>>>written to deal with it though
>>>>
>>>>On 14 October 2014 00:26, Nux! wrote:
>>>>
>>>>> Well, it's a bit messy, but still better than the old password length.
>>>>> Ideally this should get clarified/fixed, but for now I am happy with
>>>>>my
>>>>> long+3 password! :)
>>>>>
>>>>>
>>>>> Cheers,
>>>>> Lucian
>>>>>
>>>>> --
>>>>> Sent from the Delta quadrant using Borg technology!
>>>>>
>>>>> Nux!
>>>>> www.nux.ro
>>>>>
>>>>> - Original Message -
>>>>> > From: "Ian Duffy"
>>>>> > To: "CloudStack Dev"
>>>>> > Cc: "laszlo hornyak"
>>>>> > Sent: Monday, 13 October, 2014 19:54:53
>>>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>>>>
>>>>> > Hey Nux,
>>>>> >
>>>>> > So I passed this work off to a util class that was already present
>>>>>in
>>>>>the
>>>>> > code base "PasswordGenerator"
>>>>> >
>>>>> >@Override
>>>>> >public String generateRandomPassword() {
>>>>> >Integer passwordLength =
>>>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>>>>> >return
>>>>>PasswordGenerator.generateRandomPassword(passwordLength);
>>>>> >}
>>>>> >
>>>>> > Not a clue why but the generateRandomPassword method creates a
>>>>>random
>>>>> > 3-character string first then loops through to generate n random
>>>>> characters.
>>>>> >
>>>>> >public static String generateRandomPassword(int num) {
>>>>> >Random r = new SecureRandom();
>>>>> >StringBuilder password = new StringBuilder();
>>>>> >
>>>>> >// Generate random 3-character string with a lowercase
>>>>>character,
>>>>> >// uppercase character, and a digit
>>>>> >
>>>>> >
>>>>>
>>>>>password.append(generateLowercaseChar(r)
Re: vm.password.length issue in 4.4.1-SNAPSHOT
> I agree adding 3 characters is a bug and willing to fix it.
Me too.. I find it very worrying that the code base has tests that
cater for bugs to be valid input.
Really makes me wonder about the quality of the product.
Anyways... I did a grep of the codebase for usage of the method. Its not
used anywhere else... (Which does make me wonder why it existed in the
first place and if its functionality has been duplicated else where)
> Any objections to setting the minimum to 8, the previous default?
No objections from me.
On 25 October 2014 01:41, Amogh Vasekar wrote:
> Do note that the password generated here is considered temporary, as
> previously pointed out by Chiradeep in another thread.
>
> Thanks
> Amogh
>
> On 10/24/14 5:31 PM, "Nux!" wrote:
>
> >Imho, considering the password is not very secure (it's missing symbols),
> >we should increase the length.
> >For my personal stuff I default to 15 chars.
> >
> >--
> >Sent from the Delta quadrant using Borg technology!
> >
> >Nux!
> >www.nux.ro
> >
> >- Original Message -
> >> From: "Amogh Vasekar"
> >> To: dev@cloudstack.apache.org
> >> Cc: "laszlo hornyak"
> >> Sent: Saturday, 25 October, 2014 00:37:07
> >> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> >
> >> Hi Laszlo,
> >>
> >> Any comments on the below? I agree adding 3 characters is a bug and
> >> willing to fix it.
> >>
> >> In addition, Ian, I believe we should set a minimum allowed value for
> >>the
> >> config value vm.password.length. Any objections to setting the minimum
> >>to
> >> 8, the previous default?
> >>
> >> Thanks
> >> Amogh
> >>
> >> On 10/13/14 5:34 PM, "Ian Duffy" wrote:
> >>
> >>>The only other usage of it is within
> >>>server/src/com/cloud/server/ConfigurationServerImpl.java
> >>>Its used for creating a Secondary storage vm copy password.
> >>>
> >>>I'm seeing absolutely no reason why we have 3 values going in no matter
> >>>what, I'm willing to say its a bug. I'm curious to why the tests are
> >>>written to deal with it though
> >>>
> >>>On 14 October 2014 00:26, Nux! wrote:
> >>>
> >>>> Well, it's a bit messy, but still better than the old password length.
> >>>> Ideally this should get clarified/fixed, but for now I am happy with
> >>>>my
> >>>> long+3 password! :)
> >>>>
> >>>>
> >>>> Cheers,
> >>>> Lucian
> >>>>
> >>>> --
> >>>> Sent from the Delta quadrant using Borg technology!
> >>>>
> >>>> Nux!
> >>>> www.nux.ro
> >>>>
> >>>> - Original Message -
> >>>> > From: "Ian Duffy"
> >>>> > To: "CloudStack Dev"
> >>>> > Cc: "laszlo hornyak"
> >>>> > Sent: Monday, 13 October, 2014 19:54:53
> >>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> >>>>
> >>>> > Hey Nux,
> >>>> >
> >>>> > So I passed this work off to a util class that was already present
> >>>>in
> >>>>the
> >>>> > code base "PasswordGenerator"
> >>>> >
> >>>> >@Override
> >>>> >public String generateRandomPassword() {
> >>>> >Integer passwordLength =
> >>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
> >>>> >return
> >>>>PasswordGenerator.generateRandomPassword(passwordLength);
> >>>> >}
> >>>> >
> >>>> > Not a clue why but the generateRandomPassword method creates a
> >>>>random
> >>>> > 3-character string first then loops through to generate n random
> >>>> characters.
> >>>> >
> >>>> >public static String generateRandomPassword(int num) {
> >>>> >Random r = new SecureRandom();
> >>>> >StringBuilder password = new StringBuilder();
> >>>> >
> >>>> >// Generate random 3-character string with a lowercase
> >>>>character,
> >>>> >// uppercase character, and
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, "Nux!" wrote:
>Imho, considering the password is not very secure (it's missing symbols),
>we should increase the length.
>For my personal stuff I default to 15 chars.
>
>--
>Sent from the Delta quadrant using Borg technology!
>
>Nux!
>www.nux.ro
>
>- Original Message -
>> From: "Amogh Vasekar"
>> To: dev@cloudstack.apache.org
>> Cc: "laszlo hornyak"
>> Sent: Saturday, 25 October, 2014 00:37:07
>> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>
>> Hi Laszlo,
>>
>> Any comments on the below? I agree adding 3 characters is a bug and
>> willing to fix it.
>>
>> In addition, Ian, I believe we should set a minimum allowed value for
>>the
>> config value vm.password.length. Any objections to setting the minimum
>>to
>> 8, the previous default?
>>
>> Thanks
>> Amogh
>>
>> On 10/13/14 5:34 PM, "Ian Duffy" wrote:
>>
>>>The only other usage of it is within
>>>server/src/com/cloud/server/ConfigurationServerImpl.java
>>>Its used for creating a Secondary storage vm copy password.
>>>
>>>I'm seeing absolutely no reason why we have 3 values going in no matter
>>>what, I'm willing to say its a bug. I'm curious to why the tests are
>>>written to deal with it though
>>>
>>>On 14 October 2014 00:26, Nux! wrote:
>>>
>>>> Well, it's a bit messy, but still better than the old password length.
>>>> Ideally this should get clarified/fixed, but for now I am happy with
>>>>my
>>>> long+3 password! :)
>>>>
>>>>
>>>> Cheers,
>>>> Lucian
>>>>
>>>> --
>>>> Sent from the Delta quadrant using Borg technology!
>>>>
>>>> Nux!
>>>> www.nux.ro
>>>>
>>>> - Original Message -
>>>> > From: "Ian Duffy"
>>>> > To: "CloudStack Dev"
>>>> > Cc: "laszlo hornyak"
>>>> > Sent: Monday, 13 October, 2014 19:54:53
>>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>>>
>>>> > Hey Nux,
>>>> >
>>>> > So I passed this work off to a util class that was already present
>>>>in
>>>>the
>>>> > code base "PasswordGenerator"
>>>> >
>>>> >@Override
>>>> >public String generateRandomPassword() {
>>>> >Integer passwordLength =
>>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>>>> >return
>>>>PasswordGenerator.generateRandomPassword(passwordLength);
>>>> >}
>>>> >
>>>> > Not a clue why but the generateRandomPassword method creates a
>>>>random
>>>> > 3-character string first then loops through to generate n random
>>>> characters.
>>>> >
>>>> >public static String generateRandomPassword(int num) {
>>>> >Random r = new SecureRandom();
>>>> >StringBuilder password = new StringBuilder();
>>>> >
>>>> >// Generate random 3-character string with a lowercase
>>>>character,
>>>> >// uppercase character, and a digit
>>>> >
>>>> >
>>>>
>>>>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(
>>>>r)
>>>>).append(generateDigit(r));
>>>> >
>>>> >// Generate a random n-character string with only lowercase
>>>> >// characters
>>>> >for (int i = 0; i < num; i++) {
>>>> >password.append(generateLowercaseChar(r));
>>>> >}
>>>> >
>>>> >return password.toString();
>>>> >}
>>>> >
>>>> > The unit tests seem to accommodate for this aswell:
>>>> >
>>>> >// actual length is requested length + 3
>>>> >
>>>> >
>>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length()
>>>>==
>>>> > 3);
>>>> >
>>>> >
>>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length()
>>>>==
>>>> > 4);
>>>> >
>>>> > I'm guessing there's some reasoning for this CCing Laszlo who
>>>> according
>>>> > to git log did some work on this class.
>>>> >
>>>> > Thanks,
>>>> >
>>>> > Ian
>>>> >
>>>> > On 13 October 2014 19:39, Nux! wrote:
>>>> >
>>>> >> Hello,
>>>> >>
>>>> >> First of all "THANKS!" to whoever made this feature happen (Ian I
>>>> guess).
>>>> >> Now we can set more secure passwords generated for our instances.
>>>> >>
>>>> >> Second, the feature works, but with a small glitch, the number
>>>>seems
>>>>to
>>>> be
>>>> >> affected by some sort of offset. I.e. if I set the password to be
>>>>15
>>>> chars
>>>> >> in length then the generated password will actually be 18 chars.
>>>> >> In order to get a 15 chars long passwd I had to set
>>>>vm.password.length
>>>> to
>>>> >> 12. Bug or feature? :)
>>>> >>
>>>> >>
>>>> >> Lucian
>>>> >>
>>>> >> --
>>>> >> Sent from the Delta quadrant using Borg technology!
>>>> >>
>>>> >> Nux!
>>>> >> www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Imho, considering the password is not very secure (it's missing symbols), we
should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
> From: "Amogh Vasekar"
> To: dev@cloudstack.apache.org
> Cc: "laszlo hornyak"
> Sent: Saturday, 25 October, 2014 00:37:07
> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> Hi Laszlo,
>
> Any comments on the below? I agree adding 3 characters is a bug and
> willing to fix it.
>
> In addition, Ian, I believe we should set a minimum allowed value for the
> config value vm.password.length. Any objections to setting the minimum to
> 8, the previous default?
>
> Thanks
> Amogh
>
> On 10/13/14 5:34 PM, "Ian Duffy" wrote:
>
>>The only other usage of it is within
>>server/src/com/cloud/server/ConfigurationServerImpl.java
>>Its used for creating a Secondary storage vm copy password.
>>
>>I'm seeing absolutely no reason why we have 3 values going in no matter
>>what, I'm willing to say its a bug. I'm curious to why the tests are
>>written to deal with it though
>>
>>On 14 October 2014 00:26, Nux! wrote:
>>
>>> Well, it's a bit messy, but still better than the old password length.
>>> Ideally this should get clarified/fixed, but for now I am happy with my
>>> long+3 password! :)
>>>
>>>
>>> Cheers,
>>> Lucian
>>>
>>> --
>>> Sent from the Delta quadrant using Borg technology!
>>>
>>> Nux!
>>> www.nux.ro
>>>
>>> - Original Message -
>>> > From: "Ian Duffy"
>>> > To: "CloudStack Dev"
>>> > Cc: "laszlo hornyak"
>>> > Sent: Monday, 13 October, 2014 19:54:53
>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>>
>>> > Hey Nux,
>>> >
>>> > So I passed this work off to a util class that was already present in
>>>the
>>> > code base "PasswordGenerator"
>>> >
>>> >@Override
>>> >public String generateRandomPassword() {
>>> >Integer passwordLength =
>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>>> >return
>>>PasswordGenerator.generateRandomPassword(passwordLength);
>>> >}
>>> >
>>> > Not a clue why but the generateRandomPassword method creates a random
>>> > 3-character string first then loops through to generate n random
>>> characters.
>>> >
>>> >public static String generateRandomPassword(int num) {
>>> >Random r = new SecureRandom();
>>> >StringBuilder password = new StringBuilder();
>>> >
>>> >// Generate random 3-character string with a lowercase
>>>character,
>>> >// uppercase character, and a digit
>>> >
>>> >
>>>
>>>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)
>>>).append(generateDigit(r));
>>> >
>>> >// Generate a random n-character string with only lowercase
>>> >// characters
>>> >for (int i = 0; i < num; i++) {
>>> >password.append(generateLowercaseChar(r));
>>> >}
>>> >
>>> >return password.toString();
>>> >}
>>> >
>>> > The unit tests seem to accommodate for this aswell:
>>> >
>>> >// actual length is requested length + 3
>>> >
>>> >
>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
>>> > 3);
>>> >
>>> >
>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
>>> > 4);
>>> >
>>> > I'm guessing there's some reasoning for this CCing Laszlo who
>>> according
>>> > to git log did some work on this class.
>>> >
>>> > Thanks,
>>> >
>>> > Ian
>>> >
>>> > On 13 October 2014 19:39, Nux! wrote:
>>> >
>>> >> Hello,
>>> >>
>>> >> First of all "THANKS!" to whoever made this feature happen (Ian I
>>> guess).
>>> >> Now we can set more secure passwords generated for our instances.
>>> >>
>>> >> Second, the feature works, but with a small glitch, the number seems
>>>to
>>> be
>>> >> affected by some sort of offset. I.e. if I set the password to be 15
>>> chars
>>> >> in length then the generated password will actually be 18 chars.
>>> >> In order to get a 15 chars long passwd I had to set
>>>vm.password.length
>>> to
>>> >> 12. Bug or feature? :)
>>> >>
>>> >>
>>> >> Lucian
>>> >>
>>> >> --
>>> >> Sent from the Delta quadrant using Borg technology!
>>> >>
>>> >> Nux!
>>> >> www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for the
config value vm.password.length. Any objections to setting the minimum to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, "Ian Duffy" wrote:
>The only other usage of it is within
>server/src/com/cloud/server/ConfigurationServerImpl.java
>Its used for creating a Secondary storage vm copy password.
>
>I'm seeing absolutely no reason why we have 3 values going in no matter
>what, I'm willing to say its a bug. I'm curious to why the tests are
>written to deal with it though
>
>On 14 October 2014 00:26, Nux! wrote:
>
>> Well, it's a bit messy, but still better than the old password length.
>> Ideally this should get clarified/fixed, but for now I am happy with my
>> long+3 password! :)
>>
>>
>> Cheers,
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> - Original Message -
>> > From: "Ian Duffy"
>> > To: "CloudStack Dev"
>> > Cc: "laszlo hornyak"
>> > Sent: Monday, 13 October, 2014 19:54:53
>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>
>> > Hey Nux,
>> >
>> > So I passed this work off to a util class that was already present in
>>the
>> > code base "PasswordGenerator"
>> >
>> >@Override
>> >public String generateRandomPassword() {
>> >Integer passwordLength =
>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>> >return
>>PasswordGenerator.generateRandomPassword(passwordLength);
>> >}
>> >
>> > Not a clue why but the generateRandomPassword method creates a random
>> > 3-character string first then loops through to generate n random
>> characters.
>> >
>> >public static String generateRandomPassword(int num) {
>> >Random r = new SecureRandom();
>> >StringBuilder password = new StringBuilder();
>> >
>> >// Generate random 3-character string with a lowercase
>>character,
>> >// uppercase character, and a digit
>> >
>> >
>>
>>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)
>>).append(generateDigit(r));
>> >
>> >// Generate a random n-character string with only lowercase
>> >// characters
>> >for (int i = 0; i < num; i++) {
>> >password.append(generateLowercaseChar(r));
>> >}
>> >
>> >return password.toString();
>> >}
>> >
>> > The unit tests seem to accommodate for this aswell:
>> >
>> >// actual length is requested length + 3
>> >
>> >
>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
>> > 3);
>> >
>> >
>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
>> > 4);
>> >
>> > I'm guessing there's some reasoning for this CCing Laszlo who
>> according
>> > to git log did some work on this class.
>> >
>> > Thanks,
>> >
>> > Ian
>> >
>> > On 13 October 2014 19:39, Nux! wrote:
>> >
>> >> Hello,
>> >>
>> >> First of all "THANKS!" to whoever made this feature happen (Ian I
>> guess).
>> >> Now we can set more secure passwords generated for our instances.
>> >>
>> >> Second, the feature works, but with a small glitch, the number seems
>>to
>> be
>> >> affected by some sort of offset. I.e. if I set the password to be 15
>> chars
>> >> in length then the generated password will actually be 18 chars.
>> >> In order to get a 15 chars long passwd I had to set
>>vm.password.length
>> to
>> >> 12. Bug or feature? :)
>> >>
>> >>
>> >> Lucian
>> >>
>> >> --
>> >> Sent from the Delta quadrant using Borg technology!
>> >>
>> >> Nux!
>> >> www.nux.ro
>>
Re: vm.password.length issue in 4.4.1-SNAPSHOT
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! wrote:
> Well, it's a bit messy, but still better than the old password length.
> Ideally this should get clarified/fixed, but for now I am happy with my
> long+3 password! :)
>
>
> Cheers,
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
> > From: "Ian Duffy"
> > To: "CloudStack Dev"
> > Cc: "laszlo hornyak"
> > Sent: Monday, 13 October, 2014 19:54:53
> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>
> > Hey Nux,
> >
> > So I passed this work off to a util class that was already present in the
> > code base "PasswordGenerator"
> >
> >@Override
> >public String generateRandomPassword() {
> >Integer passwordLength =
> > Integer.parseInt(_configDao.getValue("vm.password.length"));
> >return PasswordGenerator.generateRandomPassword(passwordLength);
> >}
> >
> > Not a clue why but the generateRandomPassword method creates a random
> > 3-character string first then loops through to generate n random
> characters.
> >
> >public static String generateRandomPassword(int num) {
> >Random r = new SecureRandom();
> >StringBuilder password = new StringBuilder();
> >
> >// Generate random 3-character string with a lowercase character,
> >// uppercase character, and a digit
> >
> >
> password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
> >
> >// Generate a random n-character string with only lowercase
> >// characters
> >for (int i = 0; i < num; i++) {
> >password.append(generateLowercaseChar(r));
> >}
> >
> >return password.toString();
> >}
> >
> > The unit tests seem to accommodate for this aswell:
> >
> >// actual length is requested length + 3
> >
> > Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
> > 3);
> >
> > Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
> > 4);
> >
> > I'm guessing there's some reasoning for this CCing Laszlo who
> according
> > to git log did some work on this class.
> >
> > Thanks,
> >
> > Ian
> >
> > On 13 October 2014 19:39, Nux! wrote:
> >
> >> Hello,
> >>
> >> First of all "THANKS!" to whoever made this feature happen (Ian I
> guess).
> >> Now we can set more secure passwords generated for our instances.
> >>
> >> Second, the feature works, but with a small glitch, the number seems to
> be
> >> affected by some sort of offset. I.e. if I set the password to be 15
> chars
> >> in length then the generated password will actually be 18 chars.
> >> In order to get a 15 chars long passwd I had to set vm.password.length
> to
> >> 12. Bug or feature? :)
> >>
> >>
> >> Lucian
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
>
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my long+3
password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
> From: "Ian Duffy"
> To: "CloudStack Dev"
> Cc: "laszlo hornyak"
> Sent: Monday, 13 October, 2014 19:54:53
> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
> Hey Nux,
>
> So I passed this work off to a util class that was already present in the
> code base "PasswordGenerator"
>
>@Override
>public String generateRandomPassword() {
>Integer passwordLength =
> Integer.parseInt(_configDao.getValue("vm.password.length"));
>return PasswordGenerator.generateRandomPassword(passwordLength);
>}
>
> Not a clue why but the generateRandomPassword method creates a random
> 3-character string first then loops through to generate n random characters.
>
>public static String generateRandomPassword(int num) {
>Random r = new SecureRandom();
>StringBuilder password = new StringBuilder();
>
>// Generate random 3-character string with a lowercase character,
>// uppercase character, and a digit
>
> password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
>
>// Generate a random n-character string with only lowercase
>// characters
>for (int i = 0; i < num; i++) {
>password.append(generateLowercaseChar(r));
>}
>
>return password.toString();
>}
>
> The unit tests seem to accommodate for this aswell:
>
>// actual length is requested length + 3
>
> Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
> 3);
>
> Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
> 4);
>
> I'm guessing there's some reasoning for this CCing Laszlo who according
> to git log did some work on this class.
>
> Thanks,
>
> Ian
>
> On 13 October 2014 19:39, Nux! wrote:
>
>> Hello,
>>
>> First of all "THANKS!" to whoever made this feature happen (Ian I guess).
>> Now we can set more secure passwords generated for our instances.
>>
>> Second, the feature works, but with a small glitch, the number seems to be
>> affected by some sort of offset. I.e. if I set the password to be 15 chars
>> in length then the generated password will actually be 18 chars.
>> In order to get a 15 chars long passwd I had to set vm.password.length to
>> 12. Bug or feature? :)
>>
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in the
code base "PasswordGenerator"
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue("vm.password.length"));
return PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i < num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! wrote:
> Hello,
>
> First of all "THANKS!" to whoever made this feature happen (Ian I guess).
> Now we can set more secure passwords generated for our instances.
>
> Second, the feature works, but with a small glitch, the number seems to be
> affected by some sort of offset. I.e. if I set the password to be 15 chars
> in length then the generated password will actually be 18 chars.
> In order to get a 15 chars long passwd I had to set vm.password.length to
> 12. Bug or feature? :)
>
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
