Suggestion for method to generate db encryption key may be insecure

[mcpeak]

In the instructions to customize the deployment manifest for OpenStack (which are quite good btw!) the following suggestion is given to generate a "secure password" for database encryption:

md5 -qs "$(date)"

This is really not going to generate anything that's suitable for security... realistically this cuts down the range of possible values for the encryption key exponentially, especially if you know roughly when the deployment was created.

If we want to recommend a secure way to generate this password we should instruct the user to pull from /dev/random.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/136696651

The labels on this github issue will be updated when the story is started.

[animatedmax]

Thanks, mcpeak, we changed the example command.

LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32 ; echo