Описание
accounts: Hash account number using Salt
@alovak found that currently when we build hash of account number we do not "salt" it. Which makes it vulnerable to rainbow table attack.
What did you expect to see? I expected salt (some random number from configuration) to be used in hash.AccountNumber
I would generate salt per tenant at least (maybe per organization).
Пакеты
Наименование
github.com/moov-io/customers
go
Затронутые версииВерсия исправления
< 0.5.0
0.5.0