As we utilize the fingerprinting to protect PII it would be ideal if we could include a work factor/iteration into the fingerprint plugin:
with user_password = "password" you currently get "203f495c364d4bc6b7111e82ce0cc88d" as the result
You could add 'iterations' as an integer that would rehash the output n amount of times with the default being 1.
fingerprint {
method => "MD5"
key => "saltandpepper"
source => "user_password"
target => "hashed_password"
iterations => 4
}
The output for "password" would be "7a8b540841db8efae6a8ebac88aa39e4" as oppossed to "203f495c364d4bc6b7111e82ce0cc88d"
The is in line with data privacy best practices. It also won't break any current configs.
As we utilize the fingerprinting to protect PII it would be ideal if we could include a work factor/iteration into the fingerprint plugin:
with user_password = "password" you currently get "203f495c364d4bc6b7111e82ce0cc88d" as the result
You could add 'iterations' as an integer that would rehash the output n amount of times with the default being 1.
fingerprint {
method => "MD5"
key => "saltandpepper"
source => "user_password"
target => "hashed_password"
iterations => 4
}
The output for "password" would be "7a8b540841db8efae6a8ebac88aa39e4" as oppossed to "203f495c364d4bc6b7111e82ce0cc88d"
The is in line with data privacy best practices. It also won't break any current configs.