Re: Bosh VMs password encryption algorithm.


Danny Berger
 

You can use mkpasswd. The value is in the format of ${hash}${salt}${data}.

echo -n 'my-insecure-password' | mkpasswd --method=md5 --password-fd=0
$1$AiNuFf.t$1qIrn6JEoJIvcKS.jQyK50

If you don't really need md5, sha-512 is your current hash method and is
better in general...

echo -n 'my-insecure-password' | mkpasswd --method=sha-512
--password-fd=0

$6$gzz73xbNeHqD$yf1UGVJfDpykx/A8.k9mH/nzsYalO9NHkrePw17YLjMHLDaAGPMeg/I7IDWBhfYF0vqYee2Y4nQD7DbcHiqgs.

On Fri, Feb 12, 2016 at 3:05 PM, Guruprakash Srinivasamurthy <
guruprakashsrinivasamurthy(a)gmail.com> wrote:

Hi,

In the below resource pool section of the Bosh manifest, password is in
encrypted format. Now we are changing the cleartext password to something
else.

How do we encrypt those cleartext passwords and put it in the manifest ?
In other words what encryption algorithm has to be used. I tried to use
makepasswd utility in linux with MD5 algorithm and that doesn't seem to be
right.
Please advise.

resource_pools:
- cloud_properties:
cpu: 1
disk: 32768
ram: 2048
env:
bosh:
password:
$6$2f6qtRfO$oJOeKk/ZDNb7PWnvMiXDC/HstKiLiZCBHP32KHFVeM9rXgs4W/JJiI4a/eHoddhxJzorLYgi2JUQiOKxZko4M.
name: infrastructure
network: default
size: 11
stemcell:
name: bosh-vsphere-esxi-ubuntu-trusty-custom-hardened
version: 2732-1


Thanks,
Guru.


--
Danny Berger

Join cf-bosh@lists.cloudfoundry.org to automatically receive all group messages.