author | Lars Wirzenius <liw@liw.fi> | 2018-02-01 16:17:52 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-02-02 11:22:16 +0200 |
commit | 9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818 (patch) | |
tree | bc0557c374caa9bd693000ac11c9ca4ae1a71d53 | |
parent | 7b7f683790b0b7b8c9eae9bd62b1a1ff3b5f9dbd (diff) | |
download | qvisqve-9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818.tar.gz |
Update: NEWS
-rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -6,6 +6,19 @@ This file has release notes for Salami Version 0.7+git, not yet released --------------------------------- +* Salami now expects client secrets to be stored hashed in the config + file, instead of as cleartext, as previously. This is obviously + better for security: previously, anyone who could read the config + file would get the secret directly. Now they have to brute-force + guess it by hashing all possibilities. + + The hashing method attempts to make such brute-forcing harder by + using a carefully chosen hashing algorithm (scrypt), and using + salting to prevent rainbow tables. For each client, a random 16 byte + string is generated (by reading /dev/urandom) as the salt. + +* A new script `salami-hash` is included to generate the hashed client + secrets for the Salami config file. Version 0.7, released 2018-02-01 --------------------------------- |
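Review bot: The first added bullet says Salami "now expects" hashed client secrets, but it does not tell an operator with an existing cleartext config what to do on upgrade or what happens if the config still holds cleartext. Since this changes what the config file must contain, add a sentence to that bullet saying every client secret entry has to be regenerated with `salami-hash` when upgrading, and point to the second bullet. In the second paragraph of the same bullet, the scrypt cost parameters and the stored form of the salt and hash are not mentioned; a pointer to where they are documented would help anyone auditing a config file. Minor wording: "16 byte string" should be "16-byte string", and "obviously better for security" reads fine as "better for security".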