[Server-devel] xs-otp: one time passwords for the XS
Douglas Bagnall
douglas at paradise.net.nz
Fri Oct 24 20:51:38 EDT 2008
Michael Stone <michael at laptop.org>:
>> 2. If you want to disable root login via the system password, touch
>> /etc/xs-otp/disable-root-password. This file will eventually exist
>> by default, but for now this option should be used with care. It
>> *could* leave you with no way of logging into the server.
>
> Do the XS installation instructions offer any guidance on prohibiting
> booting with init=/bin/bash, booting from external media, or simply
> removing the XS hard drive and manipulating it from a separate machine?
No. The correct sentence would be more like "it could make logging in
a nuisance, and cause you to hate this package and/or ask for extra
support". I'll modify it.
>> By default xs-otp generates 520 8-character passwords containing a
>> mixture of letters, numbers and some punctuation. The passwords are
>> saved in an ordered list, like this:
>
> How many bits of entropy per password? (All the examples you showed were
> printable ASCII so I assume that there are less than 64 bits of entropy
> per password.)
There's 8 characters from an alphabet of 64, so 48 bits per password.
I'd be happy to increase the length but not the alphabet: the
selection is made with modulus on a byte, so it needs to be a power of
2 or you get an uneven distribution.
Douglas
More information about the Server-devel
mailing list