Documentation for generating salted password lacking #223

Open
nnilsson123 opened this issue Jul 19, 2021 · 1 comment
@nnilsson123

The documentation describes the process of how to generate a salted password. However, the description in point 2 really makes it very difficult to follow. It is described that "same salting rules and hash method as MySQL authentication" should be used. Presumably, this is the method referenced. This method, however, utilizes SHA1, whereas emqx_auth_pgsql also supports other cryptographic algorithms. In addition, there is no description of how the salt enters the equation (presumably in place of the randomized 20-bit sequence).

This really needs to be improved. I still cannot wrap my head around how to generate hashed passwords and salts in order to make the plugin able to authenticate.

IMHO, the plugin should use the methods available for cryptography in PostgreSQL, i.e. the pgcrypto crypto method, specifically designed for managing cryptography for passwords.

nnilsson123 commented Jul 20, 2021

The issue has to do with the hexstring method generating a lower-case string of the hash in hexadecimal. The hash in my database was upper-case, and the comparison is case-sensitive. This should really either be documented more carefully, or fixed!

Storing hashes in my database in lower-case solved my issue.
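
The mismatch described in the comment above, as an added example that is not part of the original issue or the plugin's code: a lower-case hex digest compared case-sensitively against an upper-case stored value, plus a check that flags stored hashes needing normalization. The `salt + password` ordering, the SHA-256 choice, the function names and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac

HEX_CHARS = set("0123456789abcdefABCDEF")

def salted_hex(password, salt, algo="sha256", salt_first=True):
    """Hash password with salt and return the digest as hex.

    Assumption: the salt is concatenated before (or after) the password.
    The issue does not state the plugin's ordering; match your own config.
    """
    data = (salt + password) if salt_first else (password + salt)
    # hexdigest() always yields lower-case hex, like the behaviour
    # reported in the issue.
    return hashlib.new(algo, data.encode("utf-8")).hexdigest()

def case_sensitive_check(stored, password, salt, **kw):
    """Model the comparison from the issue: exact, case-sensitive match."""
    candidate = salted_hex(password, salt, **kw)
    return hmac.compare_digest(stored.encode(), candidate.encode())

def find_case_mismatches(rows):
    """Return usernames whose stored hex hash is not already lower-case."""
    flagged = []
    for username, stored in rows:
        if set(stored) <= HEX_CHARS and stored != stored.lower():
            flagged.append(username)
    return flagged

def normalize(stored):
    """Lower-case a stored hex hash so it matches the generated digest."""
    return stored.lower()

# Constructed sample data (not taken from the issue).
SALT = "s4lt"
PASSWORD = "example-password"
LOWER = salted_hex(PASSWORD, SALT)
UPPER = LOWER.upper()
ROWS = [("alice", LOWER), ("bob", UPPER)]

if __name__ == "__main__":
    print("lower-case stored hash matches:", case_sensitive_check(LOWER, PASSWORD, SALT))
    print("upper-case stored hash matches:", case_sensitive_check(UPPER, PASSWORD, SALT))
    print("rows needing normalization:", find_case_mismatches(ROWS))
    print("after normalize():", case_sensitive_check(normalize(UPPER), PASSWORD, SALT))
```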
