On 1 November 2013 05:07, John Arbash Meinel <[email protected]> wrote: > I'm still skeptical that we need pbkdf2 for Agent logins, though I do > like it for user logins. (We are generating 18 character passwords > because originally they were used by Mongo which "only" md5sum'd them. > We could use sha512 and 64-byte/128-hex tokens if we cared.)
I agree with this. I think we should use some much faster hash algorithm for agent passwords, which (after some relatively recent bootstrap changes) are *never* derived from the admin password, and are always random, so the key entropy is large enough to prevent a brute force search regardless of hash speed. The changes look trivial, although we'd have to be careful if we wanted to maintain backward compatibility. -- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
