Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [mosquitto-dev] [DynamicSecurity] Clarification on Encrypted password generation

Hi Shan,

It uses a PKCS#5 PBKDF2 hash function, with a sha512 digest and
(currently) a 12 byte salt. Both salt and resulting hash are stored
base64 encoded.

The openssl call for the hashing is:

       PKCS5_PBKDF2_HMAC(password, (int)strlen(password),
           pw->salt, sizeof(pw->salt), iterations,
           digest, (int)hash_len, pw->password_hash);



On Fri, 17 Jun 2022 at 12:52, Shan D <sdes.softdev@xxxxxxxxx> wrote:
> Hello all,
> I wish to be informed about what is the encryption and decryption logic for the Dynamic Security Plugin for Mosquitto.
> I was curious as to whether I could be able to generate the encrypted password using some shell scripts or CLI tools where I would not have create an ephemeral Docker Container to generate the dedicated `dynamic-security.json` file via a container and I could simply do it via some command line utilities like htpasswd or base64 etc.
> Aim: In many cases, a lot of provisioning of containers (standalone deployment with docker compose or air gap installations) requires the user to generate the credentials via some bash provisioning scripts.
> Can I find some documentation on how to encrypted password is created?
> Regards,
> Shan
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit

Back to the top