From 594cc4551a5c8e9e24de3d8f64dded0358977ec7 Mon Sep 17 00:00:00 2001
From: "Paul.W Harvey" <csirac2@gmail.com>
Date: Sat, 30 Sep 2017 00:04:45 +1000
Subject: [PATCH] Generate stronger p12_export_password (#654) (#657)

This buys us an extra 16bits of password guessing entropy by expanding the characterset from hex to [a-zA-Z0-9_@]
---
 playbooks/facts/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/facts/main.yml b/playbooks/facts/main.yml
index 4887bb50..02d991ff 100644
--- a/playbooks/facts/main.yml
+++ b/playbooks/facts/main.yml
@@ -30,7 +30,7 @@
 - name: Generate p12 export password
   local_action:
     module: shell
-      openssl rand -hex 4
+      openssl rand 8 | python -c 'import sys,string; chars=string.ascii_letters + string.digits + "_@"; print "".join([chars[ord(c) % 64] for c in list(sys.stdin.read())])'
   become: no
   register: p12_export_password_generated
   when: p12_export_password is not defined