Scale Testing: Now with profiling!

roger peppe rogpeppe at gmail.com
Fri Nov 1 12:39:29 UTC 2013


On 1 November 2013 05:07, John Arbash Meinel <john at arbash-meinel.com> wrote:
> I'm still skeptical that we need pbkdf2 for Agent logins, though I do
> like it for user logins. (We are generating 18 character passwords
> because originally they were used by Mongo which "only" md5sum'd them.
> We could use sha512 and 64-byte/128-hex tokens if we cared.)

I agree with this. I think we should use some much faster hash algorithm
for agent passwords, which (after some relatively recent bootstrap changes)
are *never* derived from the admin password, and are always random,
so the key entropy is large enough to prevent a brute force search regardless
of hash speed.

The changes look trivial, although we'd have to be careful if we wanted to
maintain backward compatibility.
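
The backward-compatibility concern above, sketched as an added example (not part of the original message and not Juju's code): a verifier that accepts a legacy slow hash and returns a fast SHA-512 hash to store on the next successful login. The `sha512$` prefix, the function names, the storage layout, the single-block PBKDF2-HMAC-SHA512 legacy scheme and the iteration count are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// slowHash: single-block PBKDF2-HMAC-SHA512 (RFC 8018), standing in for the legacy scheme.
func slowHash(pw, salt string, iter int) string {
	mac := hmac.New(sha512.New, []byte(pw))
	mac.Write(append([]byte(salt), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return hex.EncodeToString(t)
}

// fastHash: one unsalted SHA-512 pass, acceptable only for high-entropy random secrets.
func fastHash(pw string) string {
	sum := sha512.Sum512([]byte(pw))
	return "sha512$" + hex.EncodeToString(sum[:])
}

// CheckAgent verifies pw and returns the hash to store from now on (legacy records are upgraded).
func CheckAgent(stored, salt, pw string, iter int) (bool, string) {
	if strings.HasPrefix(stored, "sha512$") {
		return subtle.ConstantTimeCompare([]byte(stored), []byte(fastHash(pw))) == 1, stored
	}
	if subtle.ConstantTimeCompare([]byte(stored), []byte(slowHash(pw, salt, iter))) != 1 {
		return false, stored
	}
	return true, fastHash(pw)
}

func main() {
	pw := "constructed-sample-agent-secret" // constructed; real agent passwords are random
	ok, next := CheckAgent(slowHash(pw, "salt", 8192), "salt", pw, 8192)
	fmt.Println(ok, next[:15])
}
```

Because the legacy hash is hex and never contains `$`, the prefix test cannot mistake an old record for a new one.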


