Improved Credential to allow stronger password checksums. #13806
Conversation
Signed-off-by: Simone Bordet <[email protected]>
| OBF:1yta1t331v8w1v9q1t331ytc <3> | ||
| MD5:5eBe2294EcD0E0F08eAb7690D2A6Ee69 <4> | ||
| ... | ||
| MD:SHA-1:E5E9Fa1bA31eCd1aE84f75CaAa474f3a663f05F4 |
There was a problem hiding this comment.
OBF can be reversed to a password.
MD5, SHA1-, SHA-256 is 1 direction, it cannot be reversed into a password.
Is that nuance worth mentioning?
There was a problem hiding this comment.
This nuance is important for reversible passwords.
A stored password for a database connection? needs to be reversible, so that the code can actually submit that password to the database server.
A stored password for verifying a submitted password (like a user login), that can be a MD based 1-way password.
There was a problem hiding this comment.
It's almost like describing a stored password as verifying an incoming password (all storage types supported) or obtaining an outgoing password (only reversible supported)
There was a problem hiding this comment.
@joakime we always had MD5, so this PR adds just a pluggable format for MD-based checksums.
I have added in the docs an example for 1-way password.
Where do you think we need to add more in the documentation?
There was a problem hiding this comment.
Yeah, this isn't a need for a code change, it feels more documentation specific.
I'll rereview the docs shortly.
2 participants
No description provided.