Password obfuscation

The Bridge allows two forms of password obfuscation because there are two forms of stored passwords. Passwords which are returned from the Bridge by using REST interfaces or updated configuration files use obfuscated passwords.

Passwords for user objects are stored as salted and hashed values and are obfuscated by using a uni-directional hash and are indicated in configuration files by passwords starting with an equal sign (=).

The passwords for connections and endpoints are stored as salted and encrypted values using a bi-directional encryption and are indicated in configuration files by passwords starting with an exclam (!).

While obfuscating passwords keeps the values from easy disclosure, a determined attack combined with reverse engineering the algorithms that are used might allow an attacker to gain access. Therefore, even obfuscated passwords should not be widely distributed.