Hashing Credentials
Passwords, authorization tokens, and other credentials should never be stored in plain text. Instead, they should be hashed using a secure hashing algorithm. This ensures that even if the data is compromised, the original credentials cannot be recovered.
The tool provided in the tools/hashcreds directory creates hashed credentials for the ACME CSE, in particular for the password and token files for HTTP and WebSocket authentication in the certs directory. See Certificates for more information.
Running
The tool can be used by running the command from the tools/hashcreds directory.
The tool requires two arguments: the password or token to be hashed, and a secret. The secret, which serves as the salt, should be a secret value that is unique to the installation. It must be the same value that is configured for the CSE's secret. The salt value is used to make the hash unique and to prevent dictionary attacks.
This will create a hashed version of the password myPassword and print it to the console. This hash can then be copied to the password or token file in the certs directory.
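The role of the secret described above can be seen in a small sketch, added here as an illustration and not taken from the ACME CSE code base. The page does not state which algorithm tools/hashcreds uses, so HMAC-SHA-256, the one-hash-per-line file layout, the function names and the secret values are all assumptions; the output is not compatible with the real tool.

```python
import hashlib
import hmac
from typing import Iterable


def hash_credential(credential: str, secret: str) -> str:
    """Keyed hash of a credential. ASSUMED scheme (HMAC-SHA-256), not the CSE's own."""
    return hmac.new(secret.encode("utf-8"),
                    credential.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify_credential(presented: str, stored_hash: str, secret: str) -> bool:
    """Re-hash the presented value with the server's secret, compare in constant time."""
    return hmac.compare_digest(hash_credential(presented, secret), stored_hash)


def check_against_file(presented: str, lines: Iterable[str], secret: str) -> bool:
    """Check a presented credential against a hypothetical one-hash-per-line file."""
    candidate = hash_credential(presented, secret)
    matched = False
    for line in lines:
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        # No early exit: every entry is compared, so timing does not reveal the match position.
        matched |= hmac.compare_digest(candidate, entry)
    return matched


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    install_secret = "installation-A-secret"
    other_secret = "installation-B-secret"

    stored = hash_credential("myPassword", install_secret)
    password_file = ["# constructed sample file", stored, ""]

    # Same secret on both sides: the credential verifies.
    print("matching secret:  ", check_against_file("myPassword", password_file, install_secret))
    # CSE configured with a different secret than the one used for hashing: login fails.
    print("mismatched secret:", check_against_file("myPassword", password_file, other_secret))
    # The same password hashes differently per installation, so a table
    # computed for one installation is useless against another.
    print("hashes differ:    ", stored != hash_credential("myPassword", other_secret))
```

The mismatched-secret case is the one to check first when authentication fails after the CSE's secret has been changed: every entry in the password and token files has to be regenerated with the new value.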