URL: https://github.com/freeipa/freeipa/pull/317
Title: #317: Unify password generation across FreeIPA

stlaz commented:
@simo5 I was actually trying to get rid of SHA-1 and I am aware that entropy 
will not be raised, that part of the code draw a smile on some of our faces 
here, really :)
As for the spaces, I did not encounter issues with them in password.conf files 
which is awesome but I agree they're potentially dangerous. However, removing 
them from default set of password chars would not make our life easier as the 
check would have to stay there in case someone passes them as a possible 
character as an argument to ipa_generate_password (although they should 
probably know what they're doing, right?).
We may be able to get rid off the `characters` argument should the cases where 
it's used are found invalid though (currently in `host`, `user` passwords and 
in `dnskeysync`).
@tiran Regarding sha1 - did you see the patch? ;) However I agree that the 
length is not a good argument for password-generating function, I will have a 
look at transforming it to entropy.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to