Difference between revisions of "Random Strong Password Generator"
m (75 is not 70) |
|||
(27 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | __TOC__ | |
− | |||
== About == | == About == | ||
[[File:randpw.jpg|150px]] | [[File:randpw.jpg|150px]] | ||
Line 6: | Line 5: | ||
This contrib provides a new shell command/tool called '''randpw''', which is a ''Random Strong Password Generator''. '''randpw''' can generate strong passwords of any given length based on a randomized set of ASCII characters and symbols. | This contrib provides a new shell command/tool called '''randpw''', which is a ''Random Strong Password Generator''. '''randpw''' can generate strong passwords of any given length based on a randomized set of ASCII characters and symbols. | ||
+ | === Version === | ||
+ | {{ #smeversion: randpw}} | ||
== Installation == | == Installation == | ||
− | + | {{Note box|Please be aware that the current available version in the smecontribs repo is broken. Please see [[Talk:Random_Strong_Password_Generator|'''here''']] for how the code should look like. Install the contrib and change it to match the code}} | |
− | + | The installation procedure for both SME 8 and SME 9 are the same. To install ''randpw'' enter the following command as root: | |
− | + | yum install randpw --enablerepo=smecontribs | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | To install ''randpw'' | ||
− | yum install randpw --enablerepo= | ||
− | |||
− | |||
− | |||
After installation the ''randpw'' tool is immediately available to be used. | After installation the ''randpw'' tool is immediately available to be used. | ||
− | |||
== Usage == | == Usage == | ||
− | The ''randpw'' command requires | + | The ''randpw'' command requires a positive number as an argument. This number stands for the length of the to be generated password. Although any positive number can be given, a sensible length for a password should be considered. e.g. SME user passwords have a minimum length of 7 and the MySQL root password has a length of 70. Obviously a user password length is limited to what is humanly reasonable to remember, where as automated mechanisms that require a password, such as site to site VPN connections or the above MySQL example, can have longer, and thus stronger, passwords. |
Syntax: | Syntax: | ||
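Review bot: The note box added to the Installation section says the version in the smecontribs repo is broken, but it names neither the affected version nor a bug report, so a reader cannot tell whether the copy they installed is the broken one or when the advice stops applying. Suggest stating the version and linking the bug next to the Talk page link. Wording in the same hunk: "how the code should look like" should be "what the code should look like", and "The installation procedure ... are the same" should be "is the same".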
Line 51: | Line 40: | ||
+ | Generate a password and store it to a shell variable: | ||
+ | MYPASS=`randpw 70` | ||
+ | |||
+ | |||
+ | Failures to generate a password are being logged in /var/log/messages. This may be helpful if a certain routine passes a non valid argument to randpw. | ||
+ | |||
+ | |||
+ | ==Password strength check== | ||
+ | You can check the strength of generated passwords [http://www.passwordmeter.com/ '''here'''.] | ||
+ | |||
+ | And if you would like to learn more in 2 minutes about predictability go [https://www.youtube.com/watch?v=DaWcL3oOd-E '''here''']. | ||
+ | |||
+ | |||
+ | == Optimization with haveged == | ||
+ | The password is being generated based on a random selection of characters and numbers. The randomness in it's turn is based on several factors and a strong randomness is important to limit the predictability of a password, and thus ''strongness'' of a password. Simply put, the strongness of randomness can be compared to a sheet of white paper with dots. The more dots, the more lines and combination of dots one can create. | ||
+ | |||
+ | |||
+ | "Dots" (entropy) are being collected by user activity like keyboard, mouse and other interaction and constantly updated in a /dev/ device. Since SME Server has little of such interaction (especially Virtial Machines), the "DOT level" may become low, and we don't want that for it will limit the number of combinations the randomizer can make between dots. As a reference, a normal level of dots averages between 2500 and 3500. | ||
+ | |||
+ | |||
+ | The Haveged deamon will help to increase/maintain the level of dots, especially on a headless server where there is little user interaction with physical keyboards, mice etc. Please read [http://www.irisa.fr/caps/projects/hipsor/ '''here'''] for more information about the Haveged daemon and technical inner working. | ||
+ | |||
+ | |||
+ | It is recommended to install the Haveged next to randpw to ensure there are enough dots available for randpw to generate a strong password. | ||
+ | |||
+ | |||
+ | Haveged is available from the [http://wiki.contribs.org/Epel epel] repository. To install it you have to enable the epel repository as described [http://wiki.contribs.org/Epel '''here''']. | ||
+ | |||
+ | |||
+ | === Installation === | ||
+ | Then you can install Haveged: | ||
+ | yum install haveged --enablerepo=epel | ||
+ | |||
+ | |||
+ | === Start at boot === | ||
+ | To make have haveged start at boot, enter the following commands: | ||
+ | ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S99haveged | ||
+ | config set haveged service | ||
+ | config setprop haveged status enabled | ||
+ | |||
+ | Then start to the haveged service without rebooting | ||
+ | service haveged start | ||
+ | |||
+ | == Discussion == | ||
+ | This contrib can be discussed on the forums [http://forums.contribs.org/index.php/topic,51173.msg259403.html#msg259403 '''here'''] | ||
+ | |||
+ | === Bugs === | ||
+ | Please raise bugs under the SME-Contribs section in {{BugzillaFileBug|product=|component=|title=bugzilla}}and select the randpw component or use {{BugzillaFileBug|product=SME%20Contribs|component=srandpw|title=this link}}. | ||
+ | |||
+ | |||
+ | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=randpw|noresultsmessage="No open bugs found."}} | ||
+ | |||
+ | ===Changelog=== | ||
+ | Only released version in smecontrib are listed here. | ||
+ | {{ #smechangelog: randpw}} | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Contrib]] | [[Category:Contrib]] |
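Review bot: In the Bugs section the second BugzillaFileBug template uses component=srandpw, while the #bugzilla query two lines below uses component=randpw, so the "this link" shortcut most likely points at a component that does not exist; change it to component=randpw. The same line is missing a space between the first template and "and". In Start at boot, "To make have haveged start" and "Then start to the haveged service" should read "To make haveged start" and "Then start the haveged service".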
Latest revision as of 06:43, 16 November 2016
About
This contrib provides a new shell command/tool called randpw, which is a Random Strong Password Generator. randpw can generate strong passwords of any given length based on a randomized set of ASCII characters and symbols.
Version
Installation
The installation procedure is the same for both SME 8 and SME 9. To install randpw, enter the following command as root:
yum install randpw --enablerepo=smecontribs
After installation the randpw tool is immediately available to be used.
Usage
The randpw command requires a positive number as an argument. This number is the length of the password to be generated. Although any positive number can be given, choose a length that is sensible for the password's purpose: for example, SME user passwords have a minimum length of 7 and the MySQL root password has a length of 70. A user password is limited to what a person can reasonably remember, whereas automated mechanisms that require a password, such as site-to-site VPN connections or the above MySQL example, can have longer, and thus stronger, passwords.
Syntax:
randpw [n]
e.g.
randpw 75
will result in a randomly generated password which is displayed on the console e.g.:
X*oceB9i,>]qp$$.e){Tgmm1>M%ITCQI%}#p1*+C)75lJNST0n4l(4qbBW[el;TgH$VpN7KMIKK
Examples
Generate a SME user password:
randpw 7
Generate a password and store it to an SME Server db key (or db key property):
config set MyStrongPassword `randpw 70`
Please note the use of the ` character (ASCII 96), which makes the shell substitute the output of randpw, and not the ' character.
Generate a password and write it to a file:
randpw 70 > mystrongpassword.txt
Generate a password and store it to a shell variable:
MYPASS=`randpw 70`
Failures to generate a password are logged in /var/log/messages. This may be helpful if a routine passes an invalid argument to randpw.
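As an added example (not part of the randpw contrib or of the original page): a POSIX shell wrapper that rejects an invalid length before calling the generator, checks that the output really has the requested length, and writes it to a file only its owner can read. It assumes only what the page shows, namely that randpw prints the password on standard output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of randpw.
# Assumption: the generator (e.g. randpw) prints the password on stdout.

# Succeeds only for a positive decimal integer without leading zeros.
is_valid_length() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# gen_password GENERATOR LENGTH
# Prints the password; fails if LENGTH is invalid or the generator's
# output does not have exactly LENGTH characters.
gen_password() {
    gen=$1 len=$2
    if ! is_valid_length "$len"; then
        echo "invalid password length: '$len'" >&2
        return 2
    fi
    pw=$("$gen" "$len") || return 1
    if ! [ "${#pw}" -eq "$len" ]; then
        echo "$gen returned ${#pw} characters, expected $len" >&2
        return 1
    fi
    printf '%s\n' "$pw"
}

# store_password GENERATOR LENGTH FILE
# Writes the password to FILE with mode 600; FILE is left untouched
# when generation fails.
store_password() (
    umask 077
    pw=$(gen_password "$1" "$2") || exit 1
    : > "$3" && chmod 600 "$3" && printf '%s\n' "$pw" > "$3"
)

# Usage on an SME Server with the contrib installed:
#   MYPASS=$(gen_password randpw 70) || exit 1
#   store_password randpw 70 mystrongpassword.txt
```

A plain `randpw 70 > mystrongpassword.txt` creates the file with the shell's default umask, which on most systems leaves it readable by other local users.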
Password strength check
You can check the strength of generated passwords here: http://www.passwordmeter.com/
And if you would like to learn more about predictability in 2 minutes, go here: https://www.youtube.com/watch?v=DaWcL3oOd-E
Optimization with haveged
The password is generated from a random selection of characters and numbers. That randomness in turn depends on several factors, and strong randomness is important to limit the predictability, and thus the strength, of a password. Simply put, the strength of randomness can be compared to a sheet of white paper with dots: the more dots, the more lines and combinations of dots one can create.
"Dots" (entropy) are collected from user activity such as keyboard, mouse and other interaction, and are constantly updated in a /dev/ device. Since SME Server has little of such interaction (especially virtual machines), the "dot level" may become low, which we do not want because it limits the number of combinations the randomizer can make between dots. As a reference, a normal level of dots averages between 2500 and 3500.
The Haveged daemon helps to increase and maintain the level of dots, especially on a headless server where there is little user interaction with physical keyboards, mice etc. For more information about the Haveged daemon and its technical inner workings, please read http://www.irisa.fr/caps/projects/hipsor/
It is recommended to install Haveged alongside randpw to ensure there are enough dots available for randpw to generate a strong password.
Haveged is available from the epel repository. To install it you have to enable the epel repository as described here: http://wiki.contribs.org/Epel
Installation
Then you can install Haveged:
yum install haveged --enablerepo=epel
Start at boot
To make haveged start at boot, enter the following commands:
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S99haveged
config set haveged service
config setprop haveged status enabled
Then start the haveged service without rebooting:
service haveged start
Discussion
This contrib can be discussed on the forums here: http://forums.contribs.org/index.php/topic,51173.msg259403.html#msg259403
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the randpw component or use this link.
ID | Product | Version | Status | Summary |
---|---|---|---|---|
9868 | SME Contribs | 9.1 | CONFIRMED | randpw multiple issues |
Changelog
Only versions released in smecontribs are listed here.