[one-users] ONE_AUTH file encryption

Ruben S. Montero rubensm at dacya.ucm.es
Wed Feb 17 14:19:22 PST 2010


Hi David

You are right, SHA1 is not the strongest way to secure a password, but
note also that we rely on the file system security mechanisms to
protect the password. However, I think you are not too late, as we
will be working on the user system for the next release...

Cheers

Ruben



On Wed, Feb 17, 2010 at 5:44 PM, David O'Callaghan
<david.ocallaghan at cs.tcd.ie> wrote:
> Hi,
>
> On 17/02/10 10:04, Jeroen Nijhof wrote:
>> Just an idea but why not use the sha1 encrypted string in the ONE_AUTH
>> file?
> [...]
>> I can supply a patch for implementing this but I need to know if it's a
>> good idea...
>
> I'm jumping into a conversation which I haven't been following closely,
> so sorry if I'm missing something, but
> http://codahale.com/how-to-safely-store-a-password/ explains why SHA1 et
> al. are not suitable for storing password hashes.
>
> However, if this is for compatibility with existing services, etc. then
> I guess it's too late!
>
> Kind regards,
>
> David
>
>
>
> --
> Ánra Taighde - Scoil na hEolaíochta Ríomhaireachta ⁊ na Staitisticí,
>  Coláiste na Tríonóide, Baile Átha Cliath 2
> Research Fellow - School of Computer Science & Statistics,
>  Trinity College, Dublin 2          Guthán / Telephone: +353 1 896 1536



-- 
Dr. Ruben Santiago Montero
Associate Professor, Complutense University of Madrid

URL:    http://dsa-research.org/doku.php?id=people:ruben
Weblog: http://blog.dsa-research.org/?author=7
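
Added example, not part of the thread and not OpenNebula code: it contrasts the unsalted SHA1 digest discussed above with a salted, iterated KDF record, and checks the file-permission protection the reply relies on. The "user:secret" line layout, the record format, the iteration count and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import stat

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def sha1_hex(password: str) -> str:
    # Unsalted and fast: equal passwords always give equal digests.
    return hashlib.sha1(password.encode()).hexdigest()


def kdf_record(password: str) -> str:
    # Per-record random salt plus an iterated KDF (PBKDF2-HMAC-SHA256).
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    _scheme, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def write_auth_file(path: str, user: str, record: str) -> None:
    # Create the file owner-only from the start; O_EXCL refuses to reuse
    # an existing file that may carry looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{user}:{record}\n")  # assumed "user:secret" layout


def auth_file_exposed(path: str) -> bool:
    # True when group or others hold any permission bit on the file.
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "one_auth")
    write_auth_file(path, "oneadmin", kdf_record("constructed-password"))
    print("exposed:", auth_file_exposed(path))
    print("sha1 repeats:", sha1_hex("x") == sha1_hex("x"))
```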


