Random Strong Password Generator

From SME Server
Revision as of 19:50, 8 October 2014 by RequestedDeletion (talk | contribs) (WIP)
Jump to navigation Jump to search
Warning.png Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


About

 

This contrib provides a new shell command/tool called randpw, which is a Random Strong Password Generator. randpw can generate strong passwords of any given length based on a randomized set of ASCII characters and symbols.


Installation

Currently the randpw RPM is available from the xxx repository, and this repository should be enabled. Please see here on how to enable the xxx repository.

Currently only a 64-bit version is available.


[edit]

TBA

To install randpw and it's dependencies issue the following command as root:

yum install randpw --enablerepo=xxx

Note: This RPM is not yet available.

After installation the randpw tool is immediately available to be used.


Usage

The randpw command requires an positive number argument. This number stands for the length of the to be generated password. Although any positive number can be given, a sensible length for a password should be considered. e.g. SME user passwords have a minimum length of 7 and the MySQL root password has a length of 70. Obviously a user password length is limited to what is humanly reasonable to remember, where as automated mechanisms that require a password, such as site to site VPN connections or the above MySQL example, can have longer, and thus stronger, passwords.

Syntax:

randpw [n]

e.g.

randpw 75

will result in a randomly generated password which is displayed on the console e.g.:

X*oceB9i,>]qp$$.e){Tgmm1>M%ITCQI%}#p1*+C)75lJNST0n4l(4qbBW[el;TgH$VpN7KMIKK


Examples

Generate a SME user password:

randpw 7


Generate a password and store it to an SME Server db key (or db key property):

config set MyStrongPassword `randpw 70`

please note the usage of the ` character (ASCII 96) and not the ' character.


Generate a password and write it to a file:

randpw 70 > mystrongpassword.txt


Optimization with haveged

The password is being generated based on a random selection of characters and numbers. The randomness in it's turn is based on several factors and a strong randomness is important to limit the predictability of a password, and thus strongness of a password. Simply put, the strongness of randomness can be compared to a sheet of white paper with dots. The more dots, the more lines and combination of dots one can create.


"Dots" (entropy) are being collected by user activity like keyboard, mouse and other interaction and constantly updated in a /dev/ device. Since SME Server has little of such interaction, the "DOT level" may become low, and we don't want that for it will limit the number of combinations the randomizer can make between dots. As a reference, a normal level of dots averages between 2500 and 3500.


The Haveged deamon will help to increase/maintain the level of dots, especially on a headless server where there is little user interaction with physical keyboards, mice etc. Please read here for more information about the Haveged daemon and technical inner working.


It is recommended to install the Haveged to ensure there are enough dots available to generate a strong password.


Haveged is available from the epel repository. To install it you have to enable the epel repository as described here.


Installation

Then you can install Haveged:

yum install haveged --enablerepo=epel


Start at boot

ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S99havegedchkconfig haveged onconfig set haveged serviceconfig setprop haveged status enabled