On Mar 2, 2011, at 8:01 PM, Justin Santa Barbara wrote:
> Also, I know security through obscurity isn't really security, but if we're
> open source, I think we must have "strong" password generation, whatever may
> or may not have been the case in the past. I suggest beefing up the
> generate_password function to make use of os.urandom (which I know isn't
> perfect either, but is probably secure enough for anyone willing to rely on a
> password)
The general process (at least in Rackspace Cloud Servers) is to create
an initial root password which we then display for the instance owner; he/she
can then shell in and change it to whatever they like. So I think that at best
the os.urandom generator should be an option, with the less secure but easier
to communicate password scheme also available.
-- Ed Leafe
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
