More secure generated passwords?

Posted: Mon May 08, 2017 4:58 pm
by youradds
Hi,

Is there any reason the password generator only uses a-z 0-9? (/js/pages/add_user.js). I tweaked mine to be 15 chars long, AND include !@$%^*_-/ as well:

Code:

// Password generator from /js/pages/add_user.js, tweaked
randomString = function() {
    // Alphabet: digits, A-Z, a-z, plus the special characters !@$%^*_-/
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-/';
    var string_length = 15;
    var randomstring = '';
    for (var i = 0; i < string_length; i++) {
        // Pick one character at a random index in chars
        var rnum = Math.floor(Math.random() * chars.length);
        randomstring += chars.substr(rnum, 1);
    }
    // Write the result into the password field of the add-user form
    document.v_add_user.v_password.value = randomstring;
}

I don't like passwords where they don't have special characters, as it makes it that little bit easier for hackers to guess the password ;)

Cheers

Andy
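
An added example, not part of the original post or of VestaCP's code: the same kind of generator drawing from the Web Crypto CSPRNG (crypto.getRandomValues) instead of Math.random(), with rejection sampling so every character is equally likely. It uses the thread's character set with Y and j restored; generatePassword, entropyBits and the fillRandom test hook are assumed names.

```javascript
// Added example: CSPRNG-backed counterpart of randomString().
// ALPHABET is the thread's character set with the Y and j typos corrected.
const ALPHABET = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
    'abcdefghijklmnopqrstuvwxyz!@$%^*_-/';

// Web Crypto is a global in browsers and current Node.js; older Node.js
// releases expose it as require('node:crypto').webcrypto.
const webCrypto = globalThis.crypto ||
    (typeof require === 'function' ? require('node:crypto').webcrypto : null);

// fillRandom is a hypothetical hook (not in VestaCP) so tests can inject bytes.
function generatePassword(length, alphabet = ALPHABET,
                          fillRandom = (buf) => webCrypto.getRandomValues(buf)) {
    if (!Number.isInteger(length) || length < 1) {
        throw new RangeError('length must be a positive integer');
    }
    if (alphabet.length < 2 || alphabet.length > 256) {
        throw new RangeError('alphabet must have 2..256 characters');
    }
    // Largest multiple of alphabet.length that fits in a byte. Bytes at or
    // above it are discarded so that byte % alphabet.length stays uniform.
    const limit = 256 - (256 % alphabet.length);
    const buf = new Uint8Array(length * 2);
    let out = '';
    while (out.length < length) {
        fillRandom(buf);
        for (let i = 0; i < buf.length && out.length < length; i++) {
            if (buf[i] < limit) {
                out += alphabet[buf[i] % alphabet.length];
            }
        }
    }
    return out;
}

// Entropy of a uniformly chosen password, in bits.
function entropyBits(length, alphabetSize) {
    return length * Math.log2(alphabetSize);
}
```

In add_user.js the result would be assigned the same way as in the post above: document.v_add_user.v_password.value = generatePassword(16);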

Re: More secure generated passwords?

Posted: Fri Oct 20, 2017 10:44 am
by ZENIX
Thanks a lot for this tip youradds!
Indeed, I absolutely agree with you: at least a couple of special chars and, IMHO, a 16-char password should be the minimum!

Anyway, if you wish to improve the randomString functions on all pages (add/edit user, mail account, DB, FTP), here's my quick how-to:

1) go to the '/usr/local/vesta/web/js/pages' directory;
2) make a full backup of this folder (just in case);
3) issue the following command to add special chars in the list ('chars' var - O_o looks like VestaCP's alphabet has some typos!):

Code:

sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js

4) issue the following command to increase password length ('string_length' var):

Code:

sed -i 's/var string_length = 10/var string_length = 16/g' *.js

5) restart vesta service (I'm not sure this is needed...).

Don't forget to clear your browser's cache!

Have fun!
AC

Re: More secure generated passwords?

Posted: Fri Oct 20, 2017 10:50 am
by youradds
Good idea to do it that way :) For a simpler method, create a file on your server called fix-passwords.sh, with the following code:

Code:

# Back up the directory first (-r is needed to copy a directory)
cp -r /usr/local/vesta/web/js/pages /usr/local/vesta/web/js/pages-bak
cd /usr/local/vesta/web/js/pages || exit 1
# Replace the stock alphabet with a corrected one that adds !@$%^*_-/
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
# Raise the generated password length from 10 to 16
sed -i 's/var string_length = 10/var string_length = 16/g' *.js

Then run from SSH with:

Code:

sh fix-passwords.sh

It'll do all the magic for you then (including the backup of that directory)

Cheers

Andy

Re: More secure generated passwords?

Posted: Fri Oct 20, 2017 10:53 am
by ZENIX
Yeah, great!

Thanks again!

VestaCP rulez!