-rw-r--r-- | NEWS | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -6,6 +6,19 @@ This file has release notes for Salami Version 0.7+git, not yet released --------------------------------- +* Salami now expects client secrets to be stored hashed in the config + file, instead of as cleartext, as previously. This is obviously + better for security: previously, anyone who could read the config + file would get the secret directly. Now they have to brute-force + guess it by hashing all possibilities. + + The hashing method attempts to make such brute-forcing harder by + using a carefully chosen hashing algorithm (scrypt), and using + salting to prevent rainbow tables. For each client, a random 16 byte + string is generated (by reading /dev/urandom) as the salt. + +* A new script `salami-hash` is included to generate the hashed client + secrets for the Salami config file. Version 0.7, released 2018-02-01 --------------------------------- |
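Review bot: the first new entry announces a breaking config change ("Salami now expects client secrets to be stored hashed in the config file") but gives an operator upgrading from 0.7 no migration step, and does not say what Salami does when it finds a cleartext secret in an existing config. Suggest adding a sentence stating that existing client secrets must be regenerated with `salami-hash` before upgrading, and having the `salami-hash` entry say where its usage and the resulting config fields are documented. The entry also names scrypt and the salt size but not the scrypt cost parameters, which a reader needs in order to judge the brute-force resistance it claims. Style: "16 byte string" should read "16-byte string", and "This is obviously better for security" reads better without "obviously".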