This bug is believed to be fixed in cloud-init in version 20.1. If this
is still a problem for you, please make a comment and set the state back
to New
Thank you.
** Also affects: cloud-init
Importance: Undecided
Status: New
** Changed in: cloud-init
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1860795
Title:
cc_set_passwords is too short for RANDOM
Status in cloud-init:
Fix Released
Status in cloud-init package in Ubuntu:
Fix Released
Bug description:
PW_SET = (''.join([x for x in ascii_letters + digits
if x not in 'loLOI01']))
def rand_user_password(pwlen=9):
return util.rand_str(pwlen, select_from=PW_SET)
len(PW_SET) is 55
log_2(55^20) is 115 bits, which is above 112, which matches the default
OpenSSL SECLEVEL=2 setting in focal fossa.
Please bump PW_SET to 20, as 9 is crackable (provides 52 bits of
security which is less than SECLEVEL 0).
As I'm about to use this on a mainframe, which by definition can crack
that.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1860795/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
