On Fri, Jun 2, 2017 at 1:05 AM, John Meinel <[email protected]> wrote:
> I'll note that if you're generating a password, there really isn't a
> reason to then pbkdf2 it, is there? I thought the reason to use pbkdf2 was
> because it is too easy to generate SHA hashes for common *human* passwords.
> But as the brute-force search space increases exponentially with more
> bits, just generate longer passwords.
>
> So if you are generating a random password, just make it 50 /dev/random
> bytes long, and then you can use just simple 'sha' as the mapping back to a
> password hash.
>

MAAS clouds already include a 16-byte randomized shared secret; we don't want to create another one for this purpose; I'd rather make use of the existing secret indirectly, just to make it more difficult for attackers.

In the future, I'd like to move to public-key crypto, which would make this all a moot point.

Regards,
Mike
-- 
Maas-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/maas-devel
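The trade-off discussed in this thread, as an added example that is not MAAS code and not from either poster: a human password goes through PBKDF2, while a credential derived indirectly from an existing 16-byte random secret can be stored as a plain SHA-256. The helper names, the purpose label, the iteration count and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a 16-byte randomized shared secret (not a real value).
SAMPLE_SHARED_SECRET = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def derive_credential(shared_secret: bytes, purpose: bytes) -> bytes:
    """Derive a purpose-bound credential with HMAC-SHA256 (hypothetical helper).

    The shared secret itself never leaves the host; a leaked credential for one
    purpose does not reveal the secret or credentials for other purposes.
    """
    if len(shared_secret) < 16:
        raise ValueError("shared secret must be at least 16 random bytes")
    return hmac.new(shared_secret, b"derive:" + purpose, hashlib.sha256).digest()

def store_random_credential(credential: bytes) -> str:
    """Verifier for a high-entropy credential: one SHA-256 pass is enough,
    because guessing a 128-bit-or-larger random input is infeasible."""
    return hashlib.sha256(credential).hexdigest()

def store_human_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Verifier for a human-chosen password: salted, iterated PBKDF2, because
    the guess space is small and each guess must be made expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_random_credential(presented: bytes, verifier_hex: str) -> bool:
    """Constant-time comparison of the presented credential against the verifier."""
    candidate = hashlib.sha256(presented).hexdigest()
    return hmac.compare_digest(candidate, verifier_hex)

if __name__ == "__main__":
    cred = derive_credential(SAMPLE_SHARED_SECRET, b"example-purpose")
    verifier = store_random_credential(cred)
    print("credential accepted:", verify_random_credential(cred, verifier))
    print("raw secret accepted:", verify_random_credential(SAMPLE_SHARED_SECRET, verifier))
```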
