Scale Testing: Now with profiling!
Gustavo Niemeyer
gustavo.niemeyer at canonical.com
Mon Nov 4 14:19:48 UTC 2013
On Mon, Nov 4, 2013 at 12:04 PM, John Arbash Meinel
<john at arbash-meinel.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2013-11-04 17:52, roger peppe wrote:
>> There's no point in salting the agent passwords, and we can't
>> easily change things to salt the user passwords until none of the
>> command line tools talk directly to mongo, so I'm +1 on john's
>> patch for now.
>
> We can absolutely salt both. *Salt* is all about reading the salt from
> what you've stored in the DB and using that to compute the hash. It is
> simply to prevent rainbow attacks (precompute the hash of 1M common
> user passwords and compare it to the content in the DB.)
Roger was talking about the agent passwords, which you described as
having passwords that are "nice long random
strings". There's no "common user password" in that case.
gustavo @ http://niemeyer.net
More information about the Juju-dev
mailing list