Forum
Basic auth's crypt() hash string too strict
Mrten
15 January 2014, 13:39
In httpauth.c [github.com]'s find_algorithm_and_salt() I think I read that it is presumed that the format of a crypt() hash is "$id$salt$hash".
This is a relevant forum thread: http://www.hiawatha-webserver.org/forum/topic/1298
However, the crypt() hash format can be more complicated, since you can add parameters to the string as well.
I had a string like "$id$rounds=1000$salt$hash" string which failed to authenticate me until I removed the rounds=1000$ part.
I'll point to the glibc source where you can see the test-strings since I cannot find a reasonable manpage:
here: https://github.com/lattera/glibc/blob/master/crypt/sha512c-test.c
and here: https://github.com/lattera/glibc/blob/master/crypt/sha256-crypt.c
Hiawatha version:
Operating System:
This is a relevant forum thread: http://www.hiawatha-webserver.org/forum/topic/1298
However, the crypt() hash format can be more complicated, since you can add parameters to the string as well.
I had a string like "$id$rounds=1000$salt$hash" string which failed to authenticate me until I removed the rounds=1000$ part.
I'll point to the glibc source where you can see the test-strings since I cannot find a reasonable manpage:
here: https://github.com/lattera/glibc/blob/master/crypt/sha512c-test.c
and here: https://github.com/lattera/glibc/blob/master/crypt/sha256-crypt.c
Hiawatha version:
Operating System:
Mrten
15 January 2014, 16:46
Hiawatha 9.2, btw.
Hugo Leisink
16 January 2014, 09:03
I will take a look at it for the 9.4 release. Thanks for reporting.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
