#6116 Increase length of passwords generated by installer
Closed: Fixed None Opened 7 years ago by mbasti.

Currently with default settings, generated password is 12 characters long, in current character set it gives entropy between 64bits and 80bits.

This entropy should be at least 128bits to feel safe nowadays, so default settings of password length should be 22. (https://en.wikipedia.org/wiki/Password_strength)

Applicable to:

  • kerberos master password
  • KRA
  • NSSDB passwords
  • temporary passwords during installation

Also we should keep 12 characters long password for temporary user and host passwords, to not force users rewrite super long passwords.


  • 51ccde2 Increase default length of auto generated passwords

Metadata Update from @mbasti:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4.1

7 years ago

Login to comment on this ticket.