Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section General Discussion
  • Search

More secure generated passwords?

General questions about VestaCP
Post Reply
  • Print view
Advanced search
4 posts • Page 1 of 1
youradds
Posts: 130
Joined: Tue Sep 01, 2015 10:16 am

More secure generated passwords?
  • Quote

Post by youradds » Mon May 08, 2017 4:58 pm

Hi,

Is there any reason the password generator only uses a-z 0-9 ? (/js/pages/add_user.js) . I tweaked mine to be 15 chars long, AND include !@$%^*_-/ as well:

Code: Select all

randomString = function() {
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz!@$%^*_-/';
    var string_length = 15;
    var randomstring = '';
    for (var i = 0; i < string_length; i++) {
        var rnum = Math.floor(Math.random() * chars.length);
        randomstring += chars.substr(rnum, 1);
    }
    document.v_add_user.v_password.value = randomstring;
}
I don't like passwords where they don't have special charachters, as it makes it that little bit easier for hackers to guess the password ;)

Cheers

Andy
Top

ZENIX
Posts: 2
Joined: Thu Oct 05, 2017 4:33 pm

Re: More secure generated passwords?
  • Quote

Post by ZENIX » Fri Oct 20, 2017 10:44 am

Thanks a lot for this tip youradds!
Indeed, I absolutely agree with you: at least a couple of special chars and, IMHO, a 16 chars password should be the minimum!

Anyway, if you wish to improve the randomString functions on all pages (add/edit user, mail account, DB, FTP), here's my quick how-to:

1) go to the '/usr/local/vesta/web/js/pages' directory;
2) make a full backup of this folder (just in case);
3) issue the following command to add special chars in the list ('chars' var - O_o looks like VestaCP's alphabet has some typos!):

Code: Select all

sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
4) issue the following command to increase password length ('string_length' var):

Code: Select all

sed -i 's/var string_length = 10/var string_length = 16/g' *.js
5) restart vesta service (I'm not sure this is needed...).

Don't forget to clear your browser's cache!

Have fun!
AC
Top

youradds
Posts: 130
Joined: Tue Sep 01, 2015 10:16 am

Re: More secure generated passwords?
  • Quote

Post by youradds » Fri Oct 20, 2017 10:50 am

Good idea to do it that way :) For a simpler method, create a file on your server called fix-passwords.sh, with the following code:

Code: Select all

cp /usr/local/vesta/web/js/pages /usr/local/vesta/web/js/pages-bak
cd /usr/local/vesta/web/js/pages
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz!@$%^*_-\//g' *.js
sed -i 's/var string_length = 10/var string_length = 16/g' *.js
Then run from SSH with:

Code: Select all

sh fix-passwords.sh
It'll do all the magic for you then (including the backup of that directory)

Cheers

Andy
Top

ZENIX
Posts: 2
Joined: Thu Oct 05, 2017 4:33 pm

Re: More secure generated passwords?
  • Quote

Post by ZENIX » Fri Oct 20, 2017 10:53 am

Yeah, great!

Thanks again!

VestaCP rulez!
Top


Post Reply
  • Print view

4 posts • Page 1 of 1

Return to “General Discussion”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password