-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase the entropy in generated PAC secrets #1663
Comments
chmouel
added a commit
to chmouel/pipelines-as-code
that referenced
this issue
Apr 15, 2024
we would hit some conflicts when generating the pac secrets, so increase the entropy of 6. The secret is composed of 62 characters (26 uppercase + 26 lowercase + 10 digits) so the total number of combinations for a string of length nn would be 62n62n. With a length of 6 there are approximately 56.8 billion possible combinations which would not conflict anymore. Fixes openshift-pipelines#1663 Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
7 tasks
I increased the random string to 6, i didn't make it configurable since this only make more of a burden for paac to have another knob to test/validate (k8s limitations) and supports. let me know if you have a specific use case why we should give this a setting. |
chmouel
added a commit
that referenced
this issue
Apr 15, 2024
we would hit some conflicts when generating the pac secrets, so increase the entropy of 6. The secret is composed of 62 characters (26 uppercase + 26 lowercase + 10 digits) so the total number of combinations for a string of length nn would be 62n62n. With a length of 6 there are approximately 56.8 billion possible combinations which would not conflict anymore. Fixes #1663 Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When the auth secret names only have four characters of entropy, the likelihood of collisions is high especially when there are many concurrent events triggered within a namespace.
At a minimum, we should increase the number of random characters in the secret name. If possible, this can be a configurable parameter during the deployment of PAC.
The text was updated successfully, but these errors were encountered: