Request for feedback: how slow is your slowest MAAS cloud?

Mike Pontillo mike.pontillo at canonical.com
Fri Jun 2 16:16:01 UTC 2017


On Fri, Jun 2, 2017 at 1:05 AM, John Meinel <john at arbash-meinel.com> wrote:

> I'll note that if you're generating a password, there really isn't a
> reason to then pbkdf2 it, is there? I thought the reason to use pbkdf2 was
> because it is too easy to generate SHA hashes for common *human* passwords.
> But as the brute-force search space increases exponentially with more
> bits, just generate longer passwords.
>
> So if you are generating a random password, just make it 50 /dev/random
> bytes long, and then you can use just simple 'sha' as the mapping back to a
> password hash.
>

MAAS clouds already include a 16-byte randomized shared secret; we don't
want to create another one for this purpose; I'd rather make use of the
existing secret indirectly, just to make it more difficult for attackers.
In the future, I'd like to move to public-key crypto, which would make this
all a moot point.

Regards,
Mike
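
An added example (not part of the original message, and not MAAS code) showing the trade-off discussed in this exchange: what PBKDF2 stretching adds to a random secret versus a human password, and one way to use an existing secret indirectly by deriving a purpose-bound key from it. Using HKDF (RFC 5869) for the indirect use is an assumption, as are the purpose labels, the salt, the 100,000-iteration count and the 30-bit estimate for a human password.

```python
import hashlib
import hmac
import math
import secrets


def hkdf_sha256(secret: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it for one purpose."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def attack_cost_bits(entropy_bits: float, iterations: int = 1) -> float:
    """log2 of the hash evaluations needed to exhaust the search space."""
    return entropy_bits + math.log2(iterations)


def demo() -> dict:
    shared_secret = secrets.token_bytes(16)  # constructed stand-in: 128 random bits
    # Hypothetical purpose labels: each use gets its own key, the secret is never sent.
    key_a = hkdf_sha256(shared_secret, b"example/purpose-a/v1")
    key_b = hkdf_sha256(shared_secret, b"example/purpose-b/v1")
    # Stretching the same secret (assumed salt and iteration count) costs CPU time.
    stretched = hashlib.pbkdf2_hmac("sha256", shared_secret, b"example-salt", 100_000)
    return {
        "keys_differ": key_a != key_b,
        "key_len": len(key_a),
        "stretched_len": len(stretched),
        # 128 random bits behind a single hash is already out of brute-force reach.
        "random_plain": attack_cost_bits(128),
        # Stretching a random secret only adds log2(iterations) bits of work.
        "random_pbkdf2": attack_cost_bits(128, 100_000),
        # A low-entropy human password (assumed 30 bits) is where stretching matters.
        "human_pbkdf2": attack_cost_bits(30, 100_000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```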