On 2014-03-24 15:03, Sean Cody wrote:
Service accounts are created with ridiculously high entropy passwords I never record (e.g. 'openssl rand 1024 | openssl dgst -sha1 | cut -f2 -d\ ').
Since Adam will undoubtedly catch this... this should read 'reasonably high entropy' given digests are a-z0-9 so the language space is reasonable entropy and (depending on who you talk to) mitigated by large string length.
You can just use 'openssl rand -base64 1024' and combine the line feeds and get an additional 8 bits of entropy or strings < /dev/urandom blah blah blah. It all comes down to... make it random, complicated, and ridiculously annoying to type. This way you make the mechanism easier to use than just doing it manually. :)
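
An added example, not part of the original message: a shell sketch that draws a service-account password straight from /dev/urandom and reports the upper bound on its entropy as length × log2(alphabet size). The function names `entropy_bits` and `gen_pw`, the A-Za-z0-9 alphabet and the 32-character length are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; entropy_bits and gen_pw are hypothetical helper names.

# Upper bound, in bits, on the entropy of a string of N symbols drawn
# uniformly and independently from an alphabet of K symbols: N * log2(K).
# A SHA-1 digest printed as 40 hex characters is the case K=16, N=40.
entropy_bits() {
    LC_ALL=C awk -v k="$1" -v n="$2" \
        'BEGIN { printf "%.1f\n", n * log(k) / log(2) }'
}

# Print a password of N characters over A-Za-z0-9 taken from the kernel CSPRNG.
# tr -dc drops every byte outside the alphabet (rejection sampling), so each
# kept character is uniform over the 62 symbols and there is no modulo bias.
gen_pw() {
    n=$1
    # Read 16 random bytes per wanted character; about 62/256 of them survive,
    # which leaves a wide margin. A bounded read also avoids SIGPIPE on tr.
    pw=$(head -c "$((n * 16))" /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    # Fail closed rather than emit a short password.
    [ "${#pw}" -ge "$n" ] || return 1
    printf '%s\n' "$pw" | cut -c1-"$n"
}

# Stand-alone run: report length and entropy bound without echoing the secret.
secret=$(gen_pw 32) || exit 1
printf 'generated %s characters, at most %s bits of entropy\n' \
    "${#secret}" "$(entropy_bits 62 32)"
```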