-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2013-11-04 17:52, roger peppe wrote: > There's no point in salting the agent passwords, and we can't > easily change things to salt the user passwords until none of the > command line tools talk directly to mongo, so I'm +1 on john's > patch for now. >
We can absolutely salt both. *Salt* is all about reading the salt from what you've stored in the DB and using that to compute the hash. It is simply to prevent rainbow attacks (precompute the hash of 1M common user passwords and compare it to the content in the DB.) I would actually say a more secure system would require the person doing the login to do the hashing. So the agent/user would issue a "I would like to login as Foo" and then the API would respond with "give me the result of hashing your password with this salt" to which the other side would then not have to actually pass the password in plaintext. But as long as we are passing the plaintext, then we can read the DB for the salt and compute the hash(salt + plaintext-password) at that point. If a security review is going to ask us to properly salt things, we might as well do it now. I'd like to do it in a DB compatible fashion, though I guess there is always salt == null => salt = old-default mechanism. John =:-> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Cygwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJ3qYkACgkQJdeBCYSNAAN5xgCfc8PbSlMbS21b1plfRYJU6lT/ 5N4AniWImLh9mGlhEimcbS2jLm2pOYha =ED/k -----END PGP SIGNATURE----- -- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
