[Git-commits] [grml/grml-autoconfig] 0db667: rewrite password generation for more secure and co...
Chris Hofstaedtler
noreply at github.com
Tue Dec 10 18:01:46 CET 2024
Branch: refs/heads/master
Home: https://github.com/grml/grml-autoconfig
Commit: 0db66767fb724ace2c9d56d4a8845194b805471d
https://github.com/grml/grml-autoconfig/commit/0db66767fb724ace2c9d56d4a8845194b805471d
Author: Antoine Beaupré <anarcat at debian.org>
Date: 2024-12-09 (Mon, 09 Dec 2024)
Changed paths:
M autoconfig.functions
Log Message:
-----------
rewrite password generation for more secure and convivial options
When I boot a GRML system with `ssh` (without arguments) right now, it
generates an 8 character, hex password. Now, I'm not a cryptographer,
but I believe that gives about 32 bits of entropy (log2(16)*8),
roughly the equivalent of an 8 character, all lowercase, [a-z]
password, which is now widely recognized to be extremely poor.
That password is generated by dumping random bytes and piping them
into hexdump, taking the first four bytes (hey, look, 32 bits again).
There are other routines in there: if pwgen, gpw, or apg are
available, they are used. But pwgen was dropped from in
2009 (#511613), and gpw is not present at all.
apg *is* in GRML_FULL, but I would argue it fares as poorly as
hexdump: with the given configuration, it also generates an
8 to 12 character, lowercase and digits "pronounceable" password. It's
hard to estimate the damage the "pronounceable" algorithm does to the
entropy, but even just relying on the 36 character possibilities (26 +
10), we end up with a meager 41 bits of entropy on those passwords.
In comparison, the passwords generated by diceware and xkcdpass each
use 6 words from a ~8000-word dictionary, which adds up to a
whopping 77 bits of entropy, while still generating a rememberable
password, much more than apg or pwgen.
If those are not available, we fall back to a much simpler routine:
extract alphanumeric characters from /dev/urandom (non-depleting), and
dump 28 characters, which gives us 167 bits of entropy.
I'm not directly proposing to install diceware or xkcdpass here yet,
but I believe that would also be a nice addition (and I would
deprecate apg).
That's a different discussion, however: let's get rid of 8-character
passwords for now, first.
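The entropy arithmetic from the commit message above, together with a Python equivalent of the alphanumeric /dev/urandom fallback it describes, as an added example: this is not code from grml-autoconfig, the pool sizes are the message's own estimates (the ~8000-word dictionary is approximate, and the apg figure is an upper bound that ignores the "pronounceable" filter), and `fallback_password` is an assumed stand-in for the shell pipeline, not the project's function.

```python
import math
import secrets
import string

# Symbol pools named in the commit message.
HEX_POOL = 16            # hexdump output: 0-9a-f
APG_POOL = 36            # apg as configured: lowercase + digits
DICEWARE_POOL = 8000     # ~8000-word diceware / xkcdpass dictionary
ALNUM = string.ascii_letters + string.digits   # what tr -dc 'A-Za-z0-9' keeps


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently from a pool.

    For apg this is only an upper bound: the pronounceable filter rejects many
    combinations, so the real figure is lower than log2(36) * length.
    """
    return math.log2(pool_size) * length


def length_for_bits(pool_size: int, target_bits: float) -> int:
    """Smallest number of symbols that reaches `target_bits` from this pool."""
    return math.ceil(target_bits / math.log2(pool_size))


def fallback_password(length: int = 28, alphabet: str = ALNUM) -> str:
    """Equivalent of the described fallback: keep only alphanumerics from the
    OS CSPRNG and take `length` of them.  secrets.choice() rejection-samples,
    so every character is uniform over the alphabet, as tr -dc ... | head -c is.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def scheme_summary() -> dict:
    """Entropy of each generation scheme discussed in the commit message."""
    return {
        "hexdump, 8 hex chars": entropy_bits(HEX_POOL, 8),
        "apg, 8 lowercase+digits (upper bound)": entropy_bits(APG_POOL, 8),
        "diceware/xkcdpass, 6 words": entropy_bits(DICEWARE_POOL, 6),
        "urandom fallback, 28 alnum chars": entropy_bits(len(ALNUM), 28),
    }


if __name__ == "__main__":
    for scheme, bits in scheme_summary().items():
        print(f"{scheme:45s} {bits:6.1f} bits")
    print("hex chars needed to match 6 diceware words:",
          length_for_bits(HEX_POOL, entropy_bits(DICEWARE_POOL, 6)))
    print("sample fallback password:", fallback_password())
```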
Commit: 6e370017a04d588c2444ea87cceb9a127ba5bcd7
https://github.com/grml/grml-autoconfig/commit/6e370017a04d588c2444ea87cceb9a127ba5bcd7
Author: Chris Hofstaedtler <zeha at users.noreply.github.com>
Date: 2024-12-10 (Tue, 10 Dec 2024)
Changed paths:
M autoconfig.functions
Log Message:
-----------
Merge pull request #16 from anarcat/secure-set-passwd
rewrite password generation for more secure and convivial options
Compare: https://github.com/grml/grml-autoconfig/compare/414ab609f120...6e370017a04d