Documentation
Constants
This section is empty.
Variables
var CompatSalt = string([]byte{0x75, 0x82, 0x81, 0xca})
CompatSalt exists because Juju 1.16 and older used a hard-coded salt to compute the password hash for all users and agents.
var FastInsecureHash = false
FastInsecureHash specifies whether a fast, insecure version of the hash algorithm will be used. Changing this will cause PasswordHash to produce incompatible passwords. It should only be changed for testing purposes - to make tests run faster.
var MinAgentPasswordLength = base64.StdEncoding.EncodedLen(randomPasswordBytes)
MinAgentPasswordLength describes how long agent passwords should be. We require this length because we assume enough entropy in the Agent password that it is safe to not do extra rounds of iterated hashing.
Functions
func AgentPasswordHash
AgentPasswordHash returns a base64-encoded one-way hash of password. This is not suitable for User passwords because those will have limited entropy (see UserPasswordHash). However, since we generate long random passwords for agents, we can trust that there is sufficient entropy to prevent brute force search. Using a faster hash also allows us to restart the state machines and have 1000s of agents log in within a reasonable amount of time.
func RandomPassword
RandomPassword generates a random base64-encoded password.
func RandomSalt
RandomSalt generates random base64 data suitable for use as a password salt. The pbkdf2 guideline is to use 8 bytes of salt, so we do 12 raw bytes into 16 base64 bytes. (The alternative is 6 raw into 8 base64.)
func UserPasswordHash
UserPasswordHash returns a base64-encoded one-way hash of password that is computationally hard to crack by iterating through possible passwords.
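The split between AgentPasswordHash and UserPasswordHash, as an added Go sketch that is not the package's own code: a single-round hash accepted only for secrets at least as long as a generated password, next to a salted, iterated PBKDF2-style hash for human passwords. The function names, the 18-byte password size, the 8192 iterations, the choice of SHA-512 and the sample password are assumptions made for illustration; the page does not state them.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
)

// Assumed values: the page gives neither randomPasswordBytes nor an iteration count.
const exampleRandomBytes, exampleIterations = 18, 8192

// randomBase64 encodes n bytes from crypto/rand; 12 raw bytes give 16 characters.
func randomBase64(n int) string {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // no safe fallback when the system RNG fails
	}
	return base64.StdEncoding.EncodeToString(buf)
}

// fastHash is one unsalted SHA-512 round, refused below the generated-password length.
func fastHash(secret string) (string, error) {
	minLen := base64.StdEncoding.EncodedLen(exampleRandomBytes) // cf. MinAgentPasswordLength
	if len(secret) < minLen {
		return "", fmt.Errorf("%d chars is too short for a single-round hash", len(secret))
	}
	sum := sha512.Sum512([]byte(secret))
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// slowHash is the first PBKDF2-HMAC-SHA512 block: salted and iterated for human passwords.
func slowHash(password, salt string, iter int) string {
	prf := hmac.New(sha512.New, []byte(password))
	prf.Write(append([]byte(salt), 0, 0, 0, 1)) // salt || big-endian block index 1
	out := prf.Sum(nil)
	for i, u := 1, out; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return base64.StdEncoding.EncodeToString(out)
}

func main() { fmt.Println(slowHash("hunter2", randomBase64(12), exampleIterations)) }
```

The length gate in fastHash is what keeps a low-entropy, human-chosen password from ever being stored with the cheap hash; only the iterated path accepts it.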
Types
This section is empty.