Update: NEWS

author: Lars Wirzenius <liw@liw.fi> 2018-02-01 16:17:52 +0200
committer: Lars Wirzenius <liw@liw.fi> 2018-02-02 11:22:16 +0200
commit: 9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818 (patch)
tree: bc0557c374caa9bd693000ac11c9ca4ae1a71d53 /NEWS
parent: 7b7f683790b0b7b8c9eae9bd62b1a1ff3b5f9dbd (diff)
download: qvisqve-9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 9ab10b5..0a04d9a 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,19 @@ This file has release notes for Salami
 Version 0.7+git, not yet released
 ---------------------------------
 
+* Salami now expects client secrets to be stored hashed in the config
+  file, instead of as cleartext, as previously. This is obviously
+  better for security: previously, anyone who could read the config
+  file would get the secret directly. Now they have to brute-force
+  guess it by hashing all possibilities.
+
+  The hashing method attempts to make such brute-forcing harder by
+  using a carefully chosen hashing algorithm (scrypt), and using
+  salting to prevent rainbow tables. For each client, a random 16 byte
+  string is generated (by reading /dev/urandom) as the salt.
+
+* A new script `salami-hash` is included to generate the hashed client
+  secrets for the Salami config file.
 
 Version 0.7, released 2018-02-01
 ---------------------------------
author	Lars Wirzenius <liw@liw.fi>	2018-02-01 16:17:52 +0200
committer	Lars Wirzenius <liw@liw.fi>	2018-02-02 11:22:16 +0200
commit	9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818 (patch)
tree	bc0557c374caa9bd693000ac11c9ca4ae1a71d53 /NEWS
parent	7b7f683790b0b7b8c9eae9bd62b1a1ff3b5f9dbd (diff)
download	qvisqve-9ed1f7d7f5d90d03f75fd3ba97cecd9861c63818.tar.gz