Improved Credential to allow stronger password checksums.

[sbordet]

No description provided.

[joakime]

OBF can be reversed to a password.
MD5, SHA1-, SHA-256 is 1 direction, it cannot be reversed into a password.

Is that nuance worth mentioning?

[joakime]

This nuance is important for reversible passwords.

A stored password for a database connection? needs to be reversible, so that the code can actually submit that password to the database server.

A stored password for verifying a submitted password (like a user login), that can be a MD based 1-way password.

[joakime]

It's almost like describing a stored password as verifying an incoming password (all storage types supported) or obtaining an outgoing password (only reversible supported)

[sbordet]

@joakime we always had MD5, so this PR adds just a pluggable format for MD-based checksums.

I have added in the docs an example for 1-way password.

Where do you think we need to add more in the documentation?

[joakime]

Yeah, this isn't a need for a code change, it feels more documentation specific.
I'll rereview the docs shortly.

[lorban]

This change LGTM, but I would like to remind that keeping passwords as String objects is not very secure as they would be included in a heap dump for instance, so they should be kept in char[] and the array should be wiped immediately after use.

That's probably a non-issue for a short-lived command-line tool like the one here, though. And this would need to be solved in a different PR.