RE: vm.password.length issue in 4.4.1-SNAPSHOT
What about changing the system VM random passwords to use
generateRandomPassword() instead of generatePresharedKey()? Seems like it
should be the same function.
-Original Message-
From: Ian Duffy [mailto:i...@ianduffy.ie]
Sent: Friday, October 24, 2014 6:00 PM
To: CloudStack Dev
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
I agree adding 3 characters is a bug and willing to fix it.
Me too.. I find it very worrying that the code base has tests that cater
for bugs to be valid input.
Really makes me wonder about the quality of the product.
Anyways... I did a grep of the codebase for usage of the method. Its not used
anywhere else... (Which does make me wonder why it existed in the first place
and if its functionality has been duplicated else where)
Any objections to setting the minimum to 8, the previous default?
No objections from me.
On 25 October 2014 01:41, Amogh Vasekar amogh.vase...@citrix.com wrote:
Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, Nux! n...@li.nux.ro wrote:
Imho, considering the password is not very secure (it's missing
symbols), we should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 00:37:07
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value
for the config value vm.password.length. Any objections to setting
the minimum to 8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no
matter what, I'm willing to say its a bug. I'm curious to why the
tests are written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy
with my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already
present
in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a
random
3-character string first then loops through to generate n
random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercase
Char(
r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).leng
th()
==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).leng
th()
==
4);
I'm guessing there's some reasoning for this CCing Laszlo
who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen
(Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number
seems
to
be
affected by some sort of offset. I.e. if I set the password to
be
15
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Amogh,
I know. In reality it will be used by people until the end of time, you know
how it is.
It's not costing us anything to default to better values rather than just wash
our hands of it.
My 2 pence
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 01:41:47
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, Nux! n...@li.nux.ro wrote:
Imho, considering the password is not very secure (it's missing symbols),
we should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 00:37:07
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for
the
config value vm.password.length. Any objections to setting the minimum
to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with
my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present
in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a
random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(
r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length()
==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length()
==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number
seems
to
be
affected by some sort of offset. I.e. if I set the password to be
15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set
vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for the
config value vm.password.length. Any objections to setting the minimum to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number seems
to
be
affected by some sort of offset. I.e. if I set the password to be 15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set
vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Imho, considering the password is not very secure (it's missing symbols), we
should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 00:37:07
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for the
config value vm.password.length. Any objections to setting the minimum to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number seems
to
be
affected by some sort of offset. I.e. if I set the password to be 15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set
vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, Nux! n...@li.nux.ro wrote:
Imho, considering the password is not very secure (it's missing symbols),
we should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 00:37:07
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for
the
config value vm.password.length. Any objections to setting the minimum
to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with
my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present
in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a
random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(
r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length()
==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length()
==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number
seems
to
be
affected by some sort of offset. I.e. if I set the password to be
15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set
vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
I agree adding 3 characters is a bug and willing to fix it.
Me too.. I find it very worrying that the code base has tests that
cater for bugs to be valid input.
Really makes me wonder about the quality of the product.
Anyways... I did a grep of the codebase for usage of the method. Its not
used anywhere else... (Which does make me wonder why it existed in the
first place and if its functionality has been duplicated else where)
Any objections to setting the minimum to 8, the previous default?
No objections from me.
On 25 October 2014 01:41, Amogh Vasekar amogh.vase...@citrix.com wrote:
Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, Nux! n...@li.nux.ro wrote:
Imho, considering the password is not very secure (it's missing symbols),
we should increase the length.
For my personal stuff I default to 15 chars.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Amogh Vasekar amogh.vase...@citrix.com
To: dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Saturday, 25 October, 2014 00:37:07
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hi Laszlo,
Any comments on the below? I agree adding 3 characters is a bug and
willing to fix it.
In addition, Ian, I believe we should set a minimum allowed value for
the
config value vm.password.length. Any objections to setting the minimum
to
8, the previous default?
Thanks
Amogh
On 10/13/14 5:34 PM, Ian Duffy i...@ianduffy.ie wrote:
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with
my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present
in
the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return
PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a
random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase
character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(
r)
).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length()
==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length()
==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number
seems
to
be
affected by some sort of offset. I.e. if I set the password to be
15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set
vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
vm.password.length issue in 4.4.1-SNAPSHOT
Hello, First of all THANKS! to whoever made this feature happen (Ian I guess). Now we can set more secure passwords generated for our instances. Second, the feature works, but with a small glitch, the number seems to be affected by some sort of offset. I.e. if I set the password to be 15 chars in length then the generated password will actually be 18 chars. In order to get a 15 chars long passwd I had to set vm.password.length to 12. Bug or feature? :) Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number seems to be
affected by some sort of offset. I.e. if I set the password to be 15 chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set vm.password.length to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my long+3
password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number seems to be
affected by some sort of offset. I.e. if I set the password to be 15 chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set vm.password.length to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
Re: vm.password.length issue in 4.4.1-SNAPSHOT
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.
I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though
On 14 October 2014 00:26, Nux! n...@li.nux.ro wrote:
Well, it's a bit messy, but still better than the old password length.
Ideally this should get clarified/fixed, but for now I am happy with my
long+3 password! :)
Cheers,
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
From: Ian Duffy i...@ianduffy.ie
To: CloudStack Dev dev@cloudstack.apache.org
Cc: laszlo hornyak laszlo.horn...@gmail.com
Sent: Monday, 13 October, 2014 19:54:53
Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
Hey Nux,
So I passed this work off to a util class that was already present in the
code base PasswordGenerator
@Override
public String generateRandomPassword() {
Integer passwordLength =
Integer.parseInt(_configDao.getValue(vm.password.length));
return PasswordGenerator.generateRandomPassword(passwordLength);
}
Not a clue why but the generateRandomPassword method creates a random
3-character string first then loops through to generate n random
characters.
public static String generateRandomPassword(int num) {
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i num; i++) {
password.append(generateLowercaseChar(r));
}
return password.toString();
}
The unit tests seem to accommodate for this aswell:
// actual length is requested length + 3
Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
3);
Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
4);
I'm guessing there's some reasoning for this CCing Laszlo who
according
to git log did some work on this class.
Thanks,
Ian
On 13 October 2014 19:39, Nux! n...@li.nux.ro wrote:
Hello,
First of all THANKS! to whoever made this feature happen (Ian I
guess).
Now we can set more secure passwords generated for our instances.
Second, the feature works, but with a small glitch, the number seems to
be
affected by some sort of offset. I.e. if I set the password to be 15
chars
in length then the generated password will actually be 18 chars.
In order to get a 15 chars long passwd I had to set vm.password.length
to
12. Bug or feature? :)
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
