brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (BROOKLYN-15) web-console authentication: store hashed passwords in
Date Fri, 08 Aug 2014 10:55:12 GMT


ASF GitHub Bot commented on BROOKLYN-15:

Github user sjcorbett commented on the pull request:
    Perhaps it's worth getting everyone else's opinions on a `--password` flag. @ahgittin,

> web-console authentication: store hashed passwords in
> -------------------------------------------------------------------------
>                 Key: BROOKLYN-15
>                 URL:
>             Project: Brooklyn
>          Issue Type: New Feature
>            Reporter: Aled Sage
>            Assignee: Aled Sage
> The brooklyn web-console can do user authentication - this can point at an enterprise
LDAP server, or can use the quick-and-easy username:password defined in the ~/.brooklyn/
> However, the passwords in are currently stored in plain text. Instead,
it should be hashed (using the username as a salt).
> I suggest we use SHA 256 for now. One can generate the password from the (linux / OSX)
command line with:
>     echo -n aled:mypassword | shasum -a 256
> In our code, we can then use guava's Hashing with something like:
>     Hashing.sha256().hashBytes(Charsets.US_ASCII.encode("aled:mypassword").array())
> (but note that UTF_8 is appending an extra `0` to the bytes, so gives a different sha256!
Is using US_ASCII going to be a bad idea?!)
> The file could have:
> Much longer term, we could consider using or equivalent (but
that is out of scope for this feature request).

This message was sent by Atlassian JIRA

View raw message