Please support bcrypt cryptography #106
Comments
|
hey @dben, ytt has a goal to produce configuration deterministically (one example is no access to random data). bcrypt ultimately needs a salt (in addition to password and cost factor) as an input. https://godoc.org/golang.org/x/crypto/bcrypt internally uses crypt/rand to get x number of random bytes. even if we expose bcrypt function that explicitly takes salt argument, one would have to provide it via a data value (similar to password content) or hard code, and of course hard coding of salt would not be great. im curious how are you planning to use bcrypt in your configuration to understand if we can do something about it. |
cppforlife
added
the
discussion
|
closing this for now since bcrypt requires access to randomness unless salt is provided explicitly. at that point you might as well provide bcrypted password. feel free to reopen if more info arises. |
github-actions
bot
added
the
carvel triage
|
Providing the salt to make things consistent seems like a doable workaround, since the password would already need to be stored securely and the salt could be generated prior to ytt call |
pivotaljohn
removed
the
carvel triage
github-actions
bot
added
the
carvel triage
pivotaljohn
removed
the
carvel triage
|
Re-opened because we're seriously entertaining this. Exploring the viability of the "workaround" suggested, here. |
|
Another +1 on this! |
|
Any update to this? |
Hello,
I would appreciate it if YTT could support bcrypt in the same way as it does SHA256. Maybe using something like https://godoc.org/golang.org/x/crypto/bcrypt
Thanks!
The text was updated successfully, but these errors were encountered: