Using pwgen creates small passwords #153

New Issue

Closed

opened 2021-04-19 12:17:11 +00:00 by roxxers · 1 comment

roxxers commented 2021-04-19 12:17:11 +00:00

Owner

Copy Link

#147 (comment)

@3wordchant I think just moving to a more native solution as a fallback would help portability. As for security, I think the default length when using pwgen is too small. Using something like pwgen 1 32 for a 32 char length is safer. The ones generated for me after the fix were 8 chars long. I'd have to research which method is best but from what I recall, urandom should be fine. Esp when secrets don't need memorisation or ease of typing like passphrases do.

https://git.autonomic.zone/coop-cloud/abra/issues/147#issuecomment-5216 > @3wordchant I think just moving to a more native solution as a fallback would help portability. As for security, I think the default length when using pwgen is too small. Using something like pwgen 1 32 for a 32 char length is safer. The ones generated for me after the fix were 8 chars long. I'd have to research which method is best but from what I recall, urandom should be fine. Esp when secrets don't need memorisation or ease of typing like passphrases do.

decentral1se added the

bug

label 2021-04-20 07:44:08 +00:00

decentral1se added this to the Beta release milestone 2021-04-20 07:44:13 +00:00

decentral1se added the

secrets

label 2021-04-20 07:44:33 +00:00

3wordchant commented 2021-04-20 09:00:41 +00:00

Owner

Copy Link

I think the length is fine when abra uses pwgen to auto-generate a token.

The problem crept in because I gave you half-baked instructions to work around #147 -- if you use this instead, you'll get passwords as long as you like:

abra app foo_bar secret generate foo_bar v2 "pwgen -s 40 1"

(The <cmd> argument to secret generate can include arguments..)

I think the length is fine when `abra` uses `pwgen` to auto-generate a token. The problem crept in because I gave you half-baked instructions to work around #147 -- if you use this instead, you'll get passwords as long as you like: abra app foo_bar secret generate foo_bar v2 "pwgen -s 40 1" (The `<cmd>` argument to `secret generate` can include arguments..)

3wordchant closed this issue 2021-04-20 09:00:41 +00:00

3wordchant referenced this issue 2021-04-20 09:04:45 +00:00

Dependency on pwqgen not mentioned in readme #147

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

main

requirements-install-script

prefer-fast-option

add-bump-logic

prompt-cleanup

fix-pwgen

fix-subcommand-select

digest-version

backup_restore

command_help_2

merge-logging

monorepo

10.0.0

9.0.0

8.0.1

8.0.0

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

checkout

0.6.0

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

0.2.0

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

breaking-change

Anything that breaks the existing API

  

bug

Something is not working

  

CI/CD

Anything to do with testing and infra

  

design

Anything to with UX of this tool

  

documentation

Documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

plugin

Related to the plugin architecture

  

question

More information is needed

  

secrets

Everything to do with docker secrets

  

shell-completion

To do with shell completion

  

versioning

All the things to do with versioning apps

  

wontfix

This won't be fixed

No Label

breaking-change

bug

CI/CD

design

documentation

duplicate

enhancement

help wanted

invalid

plugin

question

secrets

shell-completion

versioning

wontfix

Milestone

Clear milestone

No items

No Milestone

Beta release

Assignees

Clear assignees

No Assignees

2 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/abra#153

No description provided.