Adding a Salt in the password Field When Creating a Node
When a node is created through the API, you need to add a salt to the password field to safeguard the password. The procedure is as follows:
The salt must be set based on the password complexity requirements:
- A string of 8–26 characters.
- Contains at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters !@$%^-_=+[{}]:,./?
- Cannot contain the username or the username spelled backwards.
- Cannot contain the username, the username spelled backwards, or more than two consecutive characters in the username (for Windows ECSs).
Python
To salt a password in the Python 3.7.7 environment, perform the following steps:
- Add \ before $ in the salt. Generate a ciphertext password based on the updated salt.
python3 -c "import crypt;print(crypt.crypt('test@123', crypt.mksalt()))"
Command output:
$6$KZ2u71CD4JjQneAy$WF5dsoOjTgc9RD46i46cCL3H92LMEo78s0rHdfSLDE8PW7ylE2ICcxUGF7/8RBbnxW0crgA3ZGNFA0LLgFaYD0
- Encode the value of the password field using Base64.
echo -n '$6$KZ2u71CD4JjQneAy$WF5dsoOjTgc9RD46i46cCL3H92LMEo78s0rHdfSLDE8PW7ylE2ICcxUGF7/8RBbnxW0crgA3ZGNFA0LLgFaYD0' | base64 | tr "\n" " " | sed 's/[[:space:]]//g'
Command output:
JDYkS1oydTcxQ0Q0SmpRbmVBeSRXRjVkc29PalRnYzlSRDQ2aTQ2Y0NMM0g5MkxNRW83OHMwckhkZlNMREU4UFc3eWxFMklDY3hVR0Y3LzhSQmJueFcwY3JnQTNaR05GQTBMTGdGYVlEMA==
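A pre-submission check for the two things this page asks for, written as an added example rather than code from the original documentation: the plaintext password meets the complexity rules listed at the top, and the Base64 value decodes to a complete $6$ string. The second check catches a hash truncated by an unescaped $ in the shell, a trailing newline from echo without -n, or a plaintext password encoded by mistake. The function names and the case-insensitive username comparison are assumptions; the code does not use the crypt module, which was removed in Python 3.13.

```python
import base64
import re
import string

SPECIALS = "!@$%^-_=+[{}]:,./?"  # special characters listed on this page
# Shape of a SHA-512 crypt string: $6$<salt of up to 16 chars>$<86-char digest>
CRYPT6 = re.compile(r"\$6\$[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}")
# Sample hash shown on this page (crypt output for 'test@123')
PAGE_HASH = ("$6$KZ2u71CD4JjQneAy$WF5dsoOjTgc9RD46i46cCL3H92LMEo78s0rHdfSLDE8PW7"
             "ylE2ICcxUGF7/8RBbnxW0crgA3ZGNFA0LLgFaYD0")


def password_problems(password, username, windows=False):
    """List the complexity rules from this page that the plaintext password breaks."""
    problems = []
    if not 8 <= len(password) <= 26:
        problems.append("length is not 8-26 characters")
    kinds = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
    if sum(any(c in kind for c in password) for kind in kinds) < 3:
        problems.append("fewer than three character types")
    pw, user = password.lower(), username.lower()  # assumption: case-insensitive
    if user and (user in pw or user[::-1] in pw):
        problems.append("contains the username or its reverse")
    elif windows and any(user[i:i + 3] in pw for i in range(len(user) - 2)):
        # Windows rule: no run of more than two consecutive username characters
        problems.append("contains three consecutive username characters")
    return problems


def field_is_salted_hash(field):
    """True if the Base64 password field decodes to a $6$ crypt string."""
    try:
        decoded = base64.b64decode(field, validate=True).decode("ascii")
    except ValueError:  # malformed Base64 or non-ASCII bytes
        return False
    return CRYPT6.fullmatch(decoded) is not None


if __name__ == "__main__":
    good = base64.b64encode(PAGE_HASH.encode()).decode()
    plain = base64.b64encode(b"test@123").decode()  # constructed mistake: never hashed
    print(password_problems("test@123", "root"))
    print(field_is_salted_hash(good), field_is_salted_hash(plain))
```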
Java
To salt a password in the Java environment, perform the following steps:
- Obtain a random number as the salt.
    private static String getCharAndNumr(int length) {
        String val = "";
        // java.security.SecureRandom instead of java.util.Random, so the salt is not predictable.
        SecureRandom random = new SecureRandom();
        for (int i = 0; i < length; i++) {
            // Decide whether to output a letter or a digit.
            String charOrNum = random.nextInt(2) % 2 == 0 ? "char" : "num";
            if ("char".equalsIgnoreCase(charOrNum)) {
                // Letter: decide between upper case (65 = 'A') and lower case (97 = 'a').
                int choice = random.nextInt(2) % 2 == 0 ? 65 : 97;
                val += (char) (choice + random.nextInt(26));
            } else if ("num".equalsIgnoreCase(charOrNum)) {
                // Digit
                val += String.valueOf(random.nextInt(10));
            }
        }
        return val;
    }
- Generate a salt.
    private static String generateSalt() {
        String salt;
        try {
            // The "$6$" prefix selects SHA-512 crypt.
            salt = "$6$" + getCharAndNumr(16);
        } catch (Exception e) {
            salt = defaultSalt;
        }
        return salt;
    }
- Generate a ciphertext password based on the salt.
    public static String getSaltPassword(String password) {
        if (StringUtils.isBlank(password)) {
            // BizException is the calling application's own exception class (not shown on this page).
            throw new BizException("password is empty");
        }
        String salt = generateSalt();
        // Crypt.crypt is a static method, so no Crypt instance is needed.
        return Crypt.crypt(password, salt);
    }
- Encode the value of the password field using Base64.
    (Base64.getEncoder().encodeToString(AddSaltPasswordUtil.getSaltPassword(cceNodeCreateVo.getPassword()).getBytes()))
- A complete example is as follows:
    import java.security.SecureRandom;
    import java.util.Base64;
    import org.apache.commons.codec.digest.Crypt;
    import org.apache.commons.lang.StringUtils;

    public class PassWord {

        static String defaultSalt = null;

        public static void main(String[] args) throws Exception {
            System.out.println(Base64.getEncoder().encodeToString(PassWord.getSaltPassword("Customized password").getBytes()));
        }

        // Generate a ciphertext password based on the salt.
        public static String getSaltPassword(String password) throws Exception {
            if (StringUtils.isBlank(password)) {
                throw new Exception("password is empty");
            }
            String salt = generateSalt();
            return Crypt.crypt(password, salt);
        }

        // Generate a salt. The "$6$" prefix selects SHA-512 crypt.
        private static String generateSalt() {
            String salt;
            try {
                salt = "$6$" + getCharAndNumr(16);
            } catch (Exception e) {
                salt = defaultSalt;
            }
            return salt;
        }

        // Obtain a random number as the salt.
        private static String getCharAndNumr(int length) {
            String val = "";
            // SecureRandom instead of java.util.Random, so the salt is not predictable.
            SecureRandom random = new SecureRandom();
            for (int i = 0; i < length; i++) {
                // Decide whether to output a letter or a digit.
                String charOrNum = random.nextInt(2) % 2 == 0 ? "char" : "num";
                if ("char".equalsIgnoreCase(charOrNum)) {
                    // Letter: decide between upper case (65 = 'A') and lower case (97 = 'a').
                    int choice = random.nextInt(2) % 2 == 0 ? 65 : 97;
                    val += (char) (choice + random.nextInt(26));
                } else if ("num".equalsIgnoreCase(charOrNum)) {
                    // Digit
                    val += String.valueOf(random.nextInt(10));
                }
            }
            return val;
        }
    }
Go
You can use either of the following methods to salt passwords for the Go language: