[
https://issues.apache.org/jira/browse/CLOUDSTACK-9052?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15020955#comment-15020955
]
ASF subversion and git services commented on CLOUDSTACK-9052:
-------------------------------------------------------------
Commit 3f7a86d8efac3b198040be09f359727a6798dbf3 in cloudstack's branch
refs/heads/4.6 from [~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=3f7a86d ]
Merge pull request #1058 from greenqloud/pr/password_security
Shuffling the password to avoid having a subset of characters in fixed
positions.Related to CLOUDSTACK-9052.
I am shuffling the characters in the password, to avoid having a certain char
type in fixed positions. I modified the tests accordingly to only check that
the different character types are present.
I think it would be good to remove the hard requirement to have at least one of
digits, upper-case, and lowercase chars, as it reduces the number of possible
combinations passwords can take. What do you think?
* pr/1058:
CLOUDSTACK-9052 Shuffling the password to avoid having a subset of characters
in fixed positions.
Signed-off-by: Remi Bergsma <[email protected]>
> Make random generated passwords more secure
> -------------------------------------------
>
> Key: CLOUDSTACK-9052
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9052
> Project: CloudStack
> Issue Type: Improvement
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.5.0
> Reporter: Nera Nesic
>
> Currently, any password generated by the PasswordGenerator that is more than
> three characters long has a lower-case char, and an upper-case char, and a
> digit in fixed positions, which reduces the randomness and makes it easier to
> crack.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
