author | ac2550 <ac2550@intl.att.com> | 2018-03-22 17:04:06 +0100 |
---|---|---|
committer | Sébastien Determe <sd378r@intl.att.com> | 2018-03-23 08:47:07 +0000 |
commit | 5c4aee562b7fcb42f10aa62011e0ff6297cee867 (patch) | |
tree | 4be75b3f39178f36c031a28b683a302773d41485 /README.md | |
parent | 3308b5439cb1d046398744e4d913ece518de9532 (diff) |
Remove client usage of md5
MD5 usage introduces a security flaw by reducing the number of tests needed
for a brute force attack.
Change-Id: Ifa4e6259d0a3fb06c91c03d1c67470ddd02284fc
Issue-ID: CLAMP-143
Signed-off-by: ac2550 <ac2550@intl.att.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -98,10 +98,10 @@ You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/ Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`.
-Passwords should be hashed using md5, then using Bcrypt :
+Passwords should be hashed using Bcrypt :
```
# pip3 install bcrypt # if you don't have the bcrypt python lib installed, should be done once.
-# python3 -c 'import bcrypt; import hashlib; m = hashlib.md5(); m.update("password".encode()); m.hexdigest(); print(bcrypt.hashpw(m.hexdigest().encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'
+# python3 -c 'import bcrypt; print(bcrypt.hashpw("password".encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'
```
Default credentials are admin/password and cs0008/password.
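Review bot: The replacement `python3 -c` one-liner still embeds the password as a literal (`"password".encode()`), so anyone following it with a real password leaves it in shell history and in the process list; suggest reading it with `getpass.getpass()` instead. The README should also state that entries already present in `clds-users.json` that were produced with the old md5-then-bcrypt recipe have to be regenerated, because a bcrypt hash of the md5 hex digest will not verify against the raw password once the client stops applying md5. Separately, the unchanged context line still advertises `admin/password` and `cs0008/password` as default credentials; a sentence telling deployers to replace them before exposing the service would fit here.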