Code review comment for lp:~hazmat/pyjuju/security-specification

Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hi Kapil.

I noticed you're suggesting MD5 for the password hashes. I'd suggest going 1 step further and using multiple iterations of MD5. Grid computing has made cracking a single MD5 password trivial. Hash 200,000 times, and at least you require 200,000 times more power to do a mass dictionary attack (and it shouldn't add much time considering how seldom the actual password will need to be checked.

« Back to merge proposal