summaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
authorac2550 <ac2550@intl.att.com>2018-03-22 17:04:06 +0100
committerSébastien Determe <sd378r@intl.att.com>2018-03-23 08:47:07 +0000
commit5c4aee562b7fcb42f10aa62011e0ff6297cee867 (patch)
tree4be75b3f39178f36c031a28b683a302773d41485 /README.md
parent3308b5439cb1d046398744e4d913ece518de9532 (diff)
Remove client usage of md5
Md5 usage introduce a security flow by reducing the amount of test needed for a brute force attack. Change-Id: Ifa4e6259d0a3fb06c91c03d1c67470ddd02284fc Issue-ID: CLAMP-143 Signed-off-by: ac2550 <ac2550@intl.att.com>
Diffstat (limited to 'README.md')
-rw-r--r--README.md4
1 files changed, 2 insertions, 2 deletions
diff --git a/README.md b/README.md
index f9a3414a1..d129e5ba9 100644
--- a/README.md
+++ b/README.md
@@ -98,10 +98,10 @@ You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/
Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`.
-Passwords should be hashed using md5, then using Bcrypt :
+Passwords should be hashed using Bcrypt :
```
# pip3 install bcrypt # if you don't have the bcrypt python lib installed, should be done once.
-# python3 -c 'import bcrypt; import hashlib; m = hashlib.md5(); m.update("password".encode()); m.hexdigest(); print(bcrypt.hashpw(m.hexdigest().encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'
+# python3 -c 'import bcrypt; print(bcrypt.hashpw("password".encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'
```
Default credentials are admin/password and cs0008/password.