You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2013/12/10 23:21:38 UTC
[Couchdb Wiki] Update of "Security_Features_Overview" by lancecarlson
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Security_Features_Overview" page has been changed by lancecarlson:
https://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=41&rev2=42
}}}
NOTE: If you have openssl 1.0.0e or newer, the $SALT value includes a '(stdin)=' prefix. You should remove it and calculate password_sha with just the hex part.
+ Node JS
+
+ {{{
+ var crypto = require('crypto');
+ var password = 'coolbeans';
+ var salt = crypto.randomBytes(16).toString('hex');
+ var hash = crypto.createHash('sha1');
+ hash.update(password + salt);
+ var password_sha = hash.digest('hex');
+ }}}
+
=== pbkdf2 (v1.3.0 or newer) ===
The default password hashing scheme in version 1.3.0 and newer is now [[http://en.wikipedia.org/wiki/PBKDF2|pbkdf2]] (replacing SHA1). By using a "slower" hash function along with an iterations parameter, dictionary attacks are now much more difficult to attempt (see issue [[https://issues.apache.org/jira/browse/COUCHDB-1060|COUCHDB-1060: CouchDB should use a secure password hash method instead of the current one]]). This adds a few new keys to user documents. Here's a sample user document with username "username" and password "password":
{{{