[Server-devel] xs-otp: one time passwords for the XS

Michael Stone michael at laptop.org
Fri Oct 24 14:33:31 EDT 2008

On Fri, Oct 24, 2008 at 07:02:23PM +1300, Douglas Bagnall wrote:

>2. If you want to disable root login via the system password, touch
>   /etc/xs-otp/disable-root-password.  This file will eventually exist
>   by default, but for now this option should be used with care.  It
>   *could* leave you with no way of logging into the server.

Do the XS installation instructions offer any guidance on prohibiting
booting with init=/bin/bash, booting from external media, or simply
removing the XS hard drive and manipulating it from a separate machine?

>By default xs-otp generates 520 8-character passwords containing a
>mixture of letters, numbers and some punctuation.  The passwords are
>saved in an ordered list, like this:

How many bits of entropy per password? (All the examples you showed were
printable ASCII so I assume that there are less than 64 bits of entropy
per password.)



P.S. - Interesting work; congrats on getting this far.

More information about the Server-devel mailing list