More secure generated passwords?
Hi,
Is there any reason the password generator only uses a-z 0-9? (/js/pages/add_user.js). I tweaked mine to be 15 chars long, AND include !@$%^*_-/ as well:
Code:
randomString = function() {
    // Candidate characters: digits, upper- and lower-case letters, specials
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-/';
    var string_length = 15;
    var randomstring = '';
    for (var i = 0; i < string_length; i++) {
        // Math.random() is not a cryptographically secure generator
        var rnum = Math.floor(Math.random() * chars.length);
        randomstring += chars.substr(rnum, 1);
    }
    // Put the generated value into the password field of the add-user form
    document.v_add_user.v_password.value = randomstring;
}
I don't like passwords where they don't have special characters, as it makes it that little bit easier for hackers to guess the password ;)
Cheers
Andy
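Added example (not from the posts and not VestaCP's own code): the same generator drawing from crypto.getRandomValues() instead of Math.random(), which is not a cryptographically secure source, with rejection sampling so that every character of the alphabet is equally likely. The names generatePassword, cryptoBytes, entropyBits and the randomBytes parameter are assumptions made for this example.

```javascript
// Web Crypto CSPRNG; the require() fallback is only for running under older Node.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

// Corrected alphabet from the thread (Y and j present) plus the suggested specials.
const ALPHABET =
  '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-/';

// Default byte source: n bytes from crypto.getRandomValues().
function cryptoBytes(n) {
  return webcrypto.getRandomValues(new Uint8Array(n));
}

// Returns `length` characters drawn uniformly from `alphabet`.
// `randomBytes` is a hypothetical injection point so the sampling can be tested.
function generatePassword(length, alphabet = ALPHABET, randomBytes = cryptoBytes) {
  if (new Set(alphabet).size !== alphabet.length) {
    throw new Error('alphabet contains duplicate characters'); // e.g. "XTZ"
  }
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2..256 characters');
  }
  // Bytes >= limit are discarded (rejection sampling) so that
  // byte % alphabet.length is not biased toward the first characters.
  const limit = 256 - (256 % alphabet.length);
  let out = '';
  while (out.length < length) {
    for (const b of randomBytes(length - out.length)) {
      if (b < limit && out.length < length) out += alphabet[b % alphabet.length];
    }
  }
  return out;
}

// Entropy in bits of a password sampled uniformly from `alphabet`.
function entropyBits(length, alphabet = ALPHABET) {
  return length * Math.log2(new Set(alphabet).size);
}
```

In add_user.js the result would be assigned the same way as in the post: document.v_add_user.v_password.value = generatePassword(16). With these inputs entropyBits gives about 59 bits for 10 characters from the original alphabet and about 98 bits for 16 characters from the extended one.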
Re: More secure generated passwords?
Thanks a lot for this tip youradds!
Indeed, I absolutely agree with you: at least a couple of special chars and, IMHO, a 16 chars password should be the minimum!
Anyway, if you wish to improve the randomString functions on all pages (add/edit user, mail account, DB, FTP), here's my quick how-to:
1) go to the '/usr/local/vesta/web/js/pages' directory;
2) make a full backup of this folder (just in case);
3) issue the following command to add special chars in the list ('chars' var - O_o looks like VestaCP's alphabet has some typos!):
Code:
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
4) issue the following command to increase password length ('string_length' var):
Code:
sed -i 's/var string_length = 10/var string_length = 16/g' *.js
5) restart vesta service (I'm not sure this is needed...).
Don't forget to clear your browser's cache!
Have fun!
AC
Re: More secure generated passwords?
Good idea to do it that way :) For a simpler method, create a file on your server called fix-passwords.sh, with the following code:
Code:
# Back up the pages directory before editing it
cp -r /usr/local/vesta/web/js/pages /usr/local/vesta/web/js/pages-bak
cd /usr/local/vesta/web/js/pages || exit 1
# Add special characters to the alphabet used by randomString()
sed -i 's/0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^*_-\//g' *.js
# Raise the generated password length from 10 to 16
sed -i 's/var string_length = 10/var string_length = 16/g' *.js
Then run from SSH with:
Code:
sh fix-passwords.sh
It'll do all the magic for you then (including the backup of that directory)
Cheers
Andy
Re: More secure generated passwords?
Yeah, great!
Thanks again!
VestaCP rulez!