View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001924||unreal||ircd||public||2004-07-06 17:52||2007-05-19 21:08|
|Fixed in Version||3.3-alpha0|
|Summary||0001924: cloak key generator, like './unreal gen-cloak'|
|Description||(feature request by DarkAngel)|
probably a good idea to let the thing generate 3 random a-z/A-Z/0-9 keys of 15-20 chars in length... Guaranteed to be properly random then (if done ok), since humans are usually a bit less random ;p.
Perhaps one for passwords too? Who knows.
Those are just ideas, but I can see the usefulness:)
|Tags||No tags attached.|
|3rd party modules|
|Well, I had considered something like this a long time ago when we had our makeconf stuff. The reason I never did was, people might get the idea that you do not need to have the same cloak keys on all servers and would instead generate their own cloak keys for each server.|
||Yeah, I think it's a good idea to print out a nice warning about that too :).|
Is this still needed/wanted? Personally, I've found that doing mkpasswd with a few simple keywords makes some good keys.
Perhaps ./unreal gen-cloak <something here>
The something here part can be a word or phrase, and the script runs a mkpasswd on whatever text is there and outputs keys from that (like WEP keys)
||I'd like something without user input, because.. users are most of the time not random enough at entering something.|
True. How random do we want though? Is it enough to, say, psuedorandom up a handful of bytes, pass them through auth.c::mkpass_md5() or something? Or do we want cryptographic secure (read off some stuff from /dev/random, for example)? Or what?
I'd say psuedorandom a good-sized string (60~80 bytes should be more than enough), hash (or don't and just base64encode), repeat. More than enough for good keys. Probability of generating illegal keys (due to duplicating) is pretty much nothing to worry about.
I've got a perl script to make random alphanumeric passwords. Admittedly it is quite similar to the expect script, but it should be more secure (the mkpasswd expect script has known security issues regarding its randomness)
Added the option to return multiple passes, like this:
./mkpass.pl -l 25 -c 3
||I like it, i dont trust always users making their own randomness. humans are prone to repetitiveness. good idea to have i think|
||Any reason this has to be 3.3, and not 3.2? especially if the fix to do it is trivial (esp with the code already provided to solve the problem) ?|
This is going in 3.3 because that's where new stuff goes first :P .
Depending on how big a thing it turns into, it might or might not go into 3.2.
Added in devel branch, .2410 :
184.108.40.206.220.127.116.11.2.2410 (aquanigh 20-May-07): - 0001924 - requested by syzop: Added ./unreal gencloak, which generates
18.104.22.168.22.214.171.124.2.2410 (aquanigh 20-May-07): random keys 10 ~ 20 characters in length (doesn't (yet) work for Win32).
126.96.36.199.188.8.131.52.2.2410 (aquanigh 20-May-07): - Misc fix for disabling extban chains, should've done stuff in our autoconf
184.108.40.206.220.127.116.11.2.2410 (aquanigh 20-May-07): stuff instead of hacking configure directly :P .
|2004-07-06 17:52||syzop||New Issue|
||Note Added: 0006899|
|2004-07-06 18:12||syzop||Note Added: 0006901|
||Status||new => acknowledged|
||View Status||private => public|
|2007-04-28 21:49||aquanight||Note Added: 0013919|
|2007-04-29 01:01||Stealth||Note Added: 0013921|
|2007-05-08 13:47||syzop||Note Added: 0014053|
|2007-05-09 21:29||aquanight||Note Added: 0014065|
|2007-05-09 22:54||tabrisnet||Note Added: 0014068|
|2007-05-09 23:52||Bricker||Note Added: 0014071|
|2007-05-10 10:22||tabrisnet||Note Edited: 0014068|
|2007-05-18 18:23||tabrisnet||Note Added: 0014171|
|2007-05-19 15:44||aquanight||Note Added: 0014183|
|2007-05-19 15:44||aquanight||Assigned To||=> aquanight|
|2007-05-19 15:44||aquanight||Status||acknowledged => assigned|
|2007-05-19 21:08||aquanight||Note Added: 0014187|
|2007-05-19 21:08||aquanight||Status||assigned => resolved|
|2007-05-19 21:08||aquanight||Resolution||open => fixed|
|2007-05-19 21:08||aquanight||Fixed in Version||=> 3.3-alpha0|