From db71dd8c55613c4bfb740936ab52cd77df961d34 Mon Sep 17 00:00:00 2001 From: Simon Hollenbach Date: Mon, 10 Jan 2022 18:31:02 +0100 Subject: [PATCH] docs/configuration: Fix entropy for bash secret Filtering `/dev/urandom` for alphanumeric characters resulted in loss of input entropy to base64. Fixing this using a procedure with these steps: * Read 32 bytes from `/dev/urandom` (`dd`) * Base64-encode (`base64`) * Strip newlines (`tr -d`) * URL-Escape (`tr`) * Append a final newline (`echo`) This output should be equivalent to output generated using Python and OpenSSL variants mentioned in the changed document file. Newlines are stripped as `base64` wraps its output and the option to disable this (`-w 0`) is not available in all implementations. Fixes: #1511 --- docs/docs/configuration/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/configuration/overview.md b/docs/docs/configuration/overview.md index 197c862c..35ed4be3 100644 --- a/docs/docs/configuration/overview.md +++ b/docs/docs/configuration/overview.md @@ -31,7 +31,7 @@ import TabItem from '@theme/TabItem'; ```shell - cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 | base64 + dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo ```