Scale Testing: Now with profiling!

John Arbash Meinel john at arbash-meinel.com
Mon Nov 4 14:04:57 UTC 2013



On 2013-11-04 17:52, roger peppe wrote:
> There's no point in salting the agent passwords, and we can't 
> easily change things to salt the user passwords until none of the 
> command line tools talk directly to mongo, so I'm +1 on john's 
> patch for now.
> 

We can absolutely salt both. *Salt* is all about reading the salt from
what you've stored in the DB and using that to compute the hash. It is
simply to prevent rainbow attacks (precompute the hash of 1M common
user passwords and compare it to the content in the DB.)

I would actually say a more secure system would require the person
doing the login to do the hashing. So the agent/user would issue an "I
would like to log in as Foo" and then the API would respond with "give
me the result of hashing your password with this salt", so that the
other side would then not have to actually pass the password in plaintext.

But as long as we are passing the plaintext, then we can read the DB
for the salt and compute the hash(salt + plaintext-password) at that
point.

If a security review is going to ask us to properly salt things, we
might as well do it now. I'd like to do it in a DB compatible fashion,
though I guess there is always salt == null => salt = old-default
mechanism.

John
=:->
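The scheme John sketches (read the stored per-record salt, compute hash(salt + password), and fall back to an old default when the record has no salt) as an added Go example; this is not juju code and nothing in it is taken from the project. The `Credential` type, the field names, the use of SHA-256 as "the hash", and the `legacyDefaultSalt` placeholder are all assumptions made for the example; in a real system you would swap the plain hash for a deliberately slow KDF such as bcrypt or PBKDF2, which changes nothing about how the salt is stored or looked up.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// legacyDefaultSalt stands in for the "old-default" salt the message refers
// to. The real value is not given here, so this is a placeholder.
const legacyDefaultSalt = "LEGACY-DEFAULT-SALT-PLACEHOLDER"

// Credential mirrors what would be persisted per user or agent.
// An empty Salt marks a record written before per-record salts existed,
// which is the "salt == null => salt = old-default" case.
type Credential struct {
	Salt         []byte // random, stored alongside the hash; empty => legacy
	PasswordHash string // hex(SHA-256(salt || password))
}

// hashPassword computes hash(salt + plaintext-password), the operation the
// server performs once it has read the salt back out of the DB.
func hashPassword(salt []byte, password string) string {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

// NewCredential creates a freshly salted record for a new password.
func NewCredential(password string) (Credential, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Credential{}, err
	}
	return Credential{Salt: salt, PasswordHash: hashPassword(salt, password)}, nil
}

// effectiveSalt is the DB-compatible fallback: records with no salt are
// checked against the old default instead of being rejected.
func effectiveSalt(c Credential) []byte {
	if len(c.Salt) == 0 {
		return []byte(legacyDefaultSalt)
	}
	return c.Salt
}

// Verify recomputes the hash from the stored salt and compares it in
// constant time, so a mismatch cannot be timed byte by byte.
func Verify(c Credential, password string) bool {
	got := hashPassword(effectiveSalt(c), password)
	return subtle.ConstantTimeCompare([]byte(got), []byte(c.PasswordHash)) == 1
}

// Upgrade re-salts a legacy record after a successful login, which is the
// point at which the plaintext is available to migrate the stored hash.
func Upgrade(c Credential, password string) (Credential, error) {
	if len(c.Salt) != 0 || !Verify(c, password) {
		return c, nil // already salted, or not the right password
	}
	return NewCredential(password)
}

func main() {
	cred, _ := NewCredential("correct horse")
	fmt.Println("fresh record verifies:", Verify(cred, "correct horse"))
	fmt.Println("wrong password rejected:", !Verify(cred, "wrong"))

	// Constructed legacy record: no salt, hash made with the old default.
	legacy := Credential{PasswordHash: hashPassword([]byte(legacyDefaultSalt), "agent-secret")}
	fmt.Println("legacy record verifies:", Verify(legacy, "agent-secret"))
	upgraded, _ := Upgrade(legacy, "agent-secret")
	fmt.Println("legacy record re-salted:", len(upgraded.Salt) > 0)
}
```

One caveat on the challenge-response variant in the message: if the server stores hash(salt + password) and the client sends back exactly that value, the stored hash becomes password-equivalent, so a copy of the DB lets an attacker log in without ever learning the password. A server-side hash applied on top of the client's response, or a nonce in the challenge, is what avoids that.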



More information about the Juju-dev mailing list