Moar hashing stuff

This time with less conflicts and a new file!
This commit is contained in:
Brian 'Redbeard' Harrington 2014-03-14 11:42:17 -07:00
parent f0b5b2906b
commit 98a19e6fc6

View File

@ -41,11 +41,21 @@ The following fields are not yet implemented:
##### Generating a password hash ##### Generating a password hash
You can generate a safe hash via: Generating a safe hash is important to the security of your system. Currently with updated tools like [oclhashcat](http://hashcat.net/oclhashcat/) simplified hashes like md5crypt are trivial to crack on modern GPU hardware. You can generate a "safer" hash (read: not safe, never publish your hashes publicly) via:
###### On Debian/Ubuntu (via the package "whois")
mkpasswd --method=SHA-512 --rounds=4096 mkpasswd --method=SHA-512 --rounds=4096
Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed. ###### With OpenSSL (note: this will only make md5crypt. While better than plantext it should not be considered fully secure)
openssl passwd -1
###### With Python (change password and salt values)
python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$6\$SALT\$')"
###### With Perl (change password and salt values)
perl -e 'print crypt("password","\$6\$SALT\$") . "\n"'
Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed. On most RPM based distributions there is a tool called mkpasswd available in the `expect` package, but this does not handle "rounds" nor advanced hashing algorithms.
## Custom cloud-config Parameters ## Custom cloud-config Parameters