dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #28639
Re: Password Generation
Thanks everybody :)
Not really fond of registrating users with queries.
I think it will effect the reporting rates in a bad way.
I think registrating users should be done through the DHIS2 interface while
giving instructions on how to use the reporting system and involving the
right people.
For now I am trying to set up a test environment that will show if DHIS2 is
supporting a set of requirements and try to document the steps needed for
the system to meet those requirements.
Attached is a draft of the requirements and a simple stand-alone .jar file
for testing purposes.
encode_password.jar<https://docs.google.com/file/d/0B-3Ir8CscLiLOW1BVlpINEdTakk/edit?usp=drive_web>
2014-03-20 11:57 GMT+01:00 Bob Jolliffe <bobjolliffe@xxxxxxxxx>:
> OK you asked for it ...
>
> Ken the algorithm is contained in the attached Password.java file (its
> based on what I figured out from the spring source code). This little java
> program takes the username and password as parameters and outputs the
> username,password and hash as recognised by dhis2.
>
> So if you have for example a csv file containing many, many users, then
> you can incorporate a script along the lines of the attached genpass.tcl to
> generate the hash codes in bulk. Or just expand the java program to read
> the csv file and possibly even write into postrgres table. (Personally I
> prefer to do do things a little bit at a time and script through psql).
> Anyway thats up to you .. the algorithm is here.
>
> There are some security considerations. The hash algorithm itself is not
> great, but you are stuck with emulating what happens inside dhis2 so no
> point tinkering with that (MD5 must seem like plaintext to the NSA
> nowadays). A more important consideration is how to generate the 45000
> passwords. I have used the makepasswd program to generate fairly cryptic
> random passwords (also in a script) but users didn't like them, naturally.
> Randy initially assigned them things like password1, password2, password3
> etc which is also not ideal.
>
> I wonder is the self registration feature an option for you? Not that
> users necessarily pick good passwords anyway :-(
>
> Regards
> Bob
>
>
> On 20 March 2014 07:18, Jason Pickering <jason.p.pickering@xxxxxxxxx>wrote:
>
>> I think Bob is the best source for this. I have some R scripts but the
>> generated password is not always correct due to peculiar methods which
>> spring uses to encrypt the passwords which elude me.
>>
>> --Sent from my mobile
>> On Mar 20, 2014 5:46 PM, "Knut Staring" <knutst@xxxxxxxxx> wrote:
>>
>>> Here are some documents that Randy Wilson shared on the list - though
>>> they state for "Hashpassword: we have not yet found a quicker way to
>>> do this than to send the excel file to Bob Jolliffe or Knut Staring
>>> (HISP). There is a special algorithm they use to create the MD5 hash
>>> password, combining the username and the assigned text password."
>>> Unfortunately I don't remember exactly how I used to do it...would be good
>>> if you share a how to when you figure it out...
>>>
>>>
>>> On Thu, Mar 20, 2014 at 7:42 AM, Jason Pickering <
>>> jason.p.pickering@xxxxxxxxx> wrote:
>>>
>>>> Hi Kenneth,
>>>>
>>>> You must look at the source code of DHIS2 and Spring in order to
>>>> understand it. It is not a simple hash, but a salted hash depending on the
>>>> username and password together. This has been previously discussed on this
>>>> list, but it is most clear by analyzing the source code.
>>>>
>>>> Best regards,
>>>> Jason
>>>>
>>>>
>>>>
>>>> On Thu, Mar 20, 2014 at 5:39 PM, Kenneth Børtveit <
>>>> kenneth.bortveit@xxxxxxxxx> wrote:
>>>>
>>>>> Hi.
>>>>>
>>>>> I am trying to generate passwords to almost 45,000 users in Rwanda.
>>>>> There is no problem in generating a random sequence of characters, the
>>>>> problem is storing it in a database.
>>>>>
>>>>> The password is stored as a hash, but I don't know which hash function
>>>>> to use.
>>>>>
>>>>> Could anybody assist?
>>>>>
>>>>> -Kenneth
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~dhis2-devs
>>>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>>>
>>> --
>>> Knut Staring
>>> Dept. of Informatics, University of Oslo
>>> +4791880522
>>> http://dhis2.org
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp
>
>
Attachment:
requirements.pdf
Description: Adobe PDF document
Follow ups
References