openstack team mailing list archive
Message #01192
Re: OS API server password generation
On Mar 2, 2011, at 8:01 PM, Justin Santa Barbara wrote:
> Also, I know security through obscurity isn't really security, but if we're open source, I think we must have "strong" password generation, whatever may or may not have been the case in the past. I suggest beefing up the generate_password function to make use of os.urandom (which I know isn't perfect either, but is probably secure enough for anyone willing to rely on a password)
The general process (at least in Rackspace Cloud Servers) is to create an initial root password which we then display for the instance owner; he/she can then shell in and change it to whatever they like. So I think that at best the os.urandom generator should be an option, with the less secure but easier to communicate password scheme also available.
-- Ed Leafe
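
Added example, not part of the original message or the project's code: one way to offer both schemes behind a single generate_password, drawing the strong and the easy-to-communicate variant alike from os.urandom and showing how much longer the readable one must be for the same entropy. The alphabets, the `readable` parameter and the helper names are assumptions made for illustration.

```python
import math
import os
import string

# Constructed alphabets (assumptions, not taken from the project).
STRONG = string.ascii_letters + string.digits + "!#$%&*+-=?@_"   # 74 symbols
# Lower-case only, without the look-alikes i, l, o, 0 and 1, so the
# password can be read aloud or copied from a screen without ambiguity.
READABLE = "abcdefghjkmnpqrstuvwxyz" + "23456789"                # 31 symbols


def _alphabet(readable):
    return READABLE if readable else STRONG


def _uniform_index(n):
    """Pick an index in range(n) from os.urandom without modulo bias."""
    if not 0 < n <= 256:
        raise ValueError("alphabet must have 1..256 symbols")
    limit = 256 - (256 % n)          # largest multiple of n that fits a byte
    while True:
        byte = os.urandom(1)[0]
        if byte < limit:             # reject bytes that would skew the result
            return byte % n


def generate_password(length=12, readable=False):
    """Return a password whose every character comes from the OS CSPRNG."""
    alphabet = _alphabet(readable)
    return "".join(alphabet[_uniform_index(len(alphabet))]
                   for _ in range(length))


def entropy_bits(length, readable=False):
    return length * math.log2(len(_alphabet(readable)))


def length_for_bits(bits, readable=False):
    """Shortest length that reaches the requested entropy."""
    return math.ceil(bits / math.log2(len(_alphabet(readable))))


if __name__ == "__main__":
    for readable in (False, True):
        n = length_for_bits(64, readable)
        print(readable, n, round(entropy_bits(n, readable), 1),
              generate_password(n, readable))
```
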