Re: [mosquitto-dev] [DynamicSecurity] Clarification on Encrypted password generation

Hello list,

On 17/06/2022 14.17, Roger Light wrote:
> On Fri, 17 Jun 2022 at 12:52, Shan D <sdes.softdev@xxxxxxxxx> wrote:
>> Can I find some documentation on how the encrypted password is created?
>
> It uses a PKCS#5 PBKDF2 hash function, with a sha512 digest and
> (currently) a 12 byte salt.

Maybe some help can be found from my older experiments generating password entries compatible with mosquitto_passwd using PHP. The pre-v2 passwords, however, are only based on SHA512, post-v2 adds support for an additional type with an added PBKDF2 step. It seems like the format used in the JSON file is similar to the latter.

More details in my [blog post][1] and the [derived script][2].

PHP's [mappings to OpenSSL][3] should make the added PBKDF2 step somewhat straightforward.

Another difference is that the [JSON file format stores the salt, hash and iteration count separately][4] where mosquitto_passwd uses a concatenated colon separated string (similar to [shadow][5]).


[1]: [2]:
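
The scheme described in this thread (PBKDF2 with a sha512 digest, a 12 byte salt, and salt, hash and iteration count kept as separate fields) is sketched below as an added example; it is not code from the original message, the linked script or the mosquitto project. The field names, base64 encoding, 64 byte output length and iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 12     # salt size quoted in the thread
KEY_LEN = 64      # assumption: derived key as long as a SHA-512 digest
ITERATIONS = 101  # constructed sample value, not taken from the thread


def make_entry(password, salt=None, iterations=ITERATIONS):
    """Derive a PBKDF2-HMAC-SHA512 hash; return salt, hash and count as separate fields."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per credential
    derived = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )
    # Hypothetical field names; base64 keeps the raw bytes JSON-safe.
    return {
        "password": base64.b64encode(derived).decode("ascii"),
        "salt": base64.b64encode(salt).decode("ascii"),
        "iterations": iterations,
    }


def verify_entry(entry, candidate):
    """Recompute the hash from the stored salt and count, then compare in constant time."""
    try:
        salt = base64.b64decode(entry["salt"], validate=True)
        expected = base64.b64decode(entry["password"], validate=True)
        iterations = int(entry["iterations"])
    except (KeyError, ValueError, TypeError):
        return False  # malformed entry: reject rather than raise
    if iterations < 1 or not expected:
        return False
    derived = hashlib.pbkdf2_hmac(
        "sha512", candidate.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    sample = make_entry("constructed-sample-password")
    print(sample)
    print(verify_entry(sample, "constructed-sample-password"))
```
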


