Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Security_Features_Overview" page has been changed by lancecarlson: https://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=41&rev2=42 }}} NOTE: If you have openssl 1.0.0e or newer, the $SALT value includes a '(stdin)=' prefix. You should remove it and calculate password_sha with just the hex part. + Node JS + + {{{ + var crypto = require('crypto'); + var password = 'coolbeans'; + var salt = crypto.randomBytes(16).toString('hex'); + var hash = crypto.createHash('sha1'); + hash.update(password + salt); + var password_sha = hash.digest('hex'); + }}} + === pbkdf2 (v1.3.0 or newer) === The default password hashing scheme in version 1.3.0 and newer is now [[http://en.wikipedia.org/wiki/PBKDF2|pbkdf2]] (replacing SHA1). By using a "slower" hash function along with an iterations parameter, dictionary attacks are now much more difficult to attempt (see issue [[https://issues.apache.org/jira/browse/COUCHDB-1060|COUCHDB-1060: CouchDB should use a secure password hash method instead of the current one]]). This adds a few new keys to user documents. Here's a sample user document with username "username" and password "password": {{{
