[jira] [Commented] (COUCHDB-2066) Don't allow stupid storage of passwords

Jan Lehnardt (JIRA) Sat, 15 Feb 2014 16:13:06 -0800

    [ 
https://issues.apache.org/jira/browse/COUCHDB-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902590#comment-13902590
 ]


Jan Lehnardt commented on COUCHDB-2066:
---------------------------------------

[~isaacs] I totally follow that train of though. But I also know that crypto is 
tricky and I don’t want to end up in a situation where we double XOR and then 
double ROT13 our PWs :)

> Don't allow stupid storage of passwords
> ---------------------------------------
>
>                 Key: COUCHDB-2066
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2066
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Isaac Z. Schlueter
>
> If a password_sha/salt combination is PUT into the _users db, wrap that up in 
> PBKDF2.
> Discussion:
> https://twitter.com/janl/status/434818855626502144
> https://twitter.com/izs/status/434835388213899264
> https://twitter.com/janl/status/434835614790586368



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Commented] (COUCHDB-2066) Don't allow stupid storage of passwords

Reply via email to