From 98a19e6fc69120e86e0b3f47c619fae9cb0aa7c2 Mon Sep 17 00:00:00 2001 From: Brian 'Redbeard' Harrington Date: Fri, 14 Mar 2014 11:42:17 -0700 Subject: [PATCH] Moar hashing stuff This time with less conflicts and a new file! --- Documentation/cloud-config.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Documentation/cloud-config.md b/Documentation/cloud-config.md index b0143aa..c30d6bb 100644 --- a/Documentation/cloud-config.md +++ b/Documentation/cloud-config.md @@ -41,11 +41,21 @@ The following fields are not yet implemented: ##### Generating a password hash -You can generate a safe hash via: +Generating a safe hash is important to the security of your system. Currently with updated tools like [oclhashcat](http://hashcat.net/oclhashcat/) simplified hashes like md5crypt are trivial to crack on modern GPU hardware. You can generate a "safer" hash (read: not safe, never publish your hashes publicly) via: +###### On Debian/Ubuntu (via the package "whois") mkpasswd --method=SHA-512 --rounds=4096 -Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed. +###### With OpenSSL (note: this will only make md5crypt. While better than plantext it should not be considered fully secure) + openssl passwd -1 + +###### With Python (change password and salt values) + python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$6\$SALT\$')" + +###### With Perl (change password and salt values) + perl -e 'print crypt("password","\$6\$SALT\$") . "\n"' + +Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed. On most RPM based distributions there is a tool called mkpasswd available in the `expect` package, but this does not handle "rounds" nor advanced hashing algorithms. ## Custom cloud-config Parameters