[libvirt] [jenkins-ci] lcitool: Use default python for creating salty passwords
Andrea Bolognani
abologna at redhat.com
Wed Feb 7 14:04:43 UTC 2018
On Wed, 2018-02-07 at 13:37 +0000, Daniel P. Berrangé wrote:
> Or can we just use openssl
>
> $ openssl passwd -crypt hello
> RtT4tOPU/wPnU
I'd love to avoid embedding a Python script in there[1], but it
doesn't look like openssl supports the same strong hashing
algorithm we're currently using, and I'm not sure modern guest OSs
would be happy with such a weak hash.
Another option would be to hard-code some pre-generated salt. I'm
not 100% clear of the security implications of doing something
like that though, to be honest.
[1] At least until the time we inevitably want to rewrite the tool
itself in Python[2], that is.
[2] Unless we decide to pick Go instead, of course :)
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list