Re: [mosquitto-dev] [DynamicSecurity] Clarification on Encrypted password generation
Hello list,

On 17/06/2022 14.17, Roger Light wrote:
> On Fri, 17 Jun 2022 at 12:52, Shan D <sdes.softdev@xxxxxxxxx> wrote:
>> Can I find some documentation on how the encrypted password is created?
>
> It uses a PKCS#5 PBKDF2 hash function, with a sha512 digest and
> (currently) a 12 byte salt.

Maybe some help can be found from my older experiments generating
password entries compatible with mosquitto_passwd using PHP. The pre-v2
passwords, however, are only based on SHA512, post-v2 adds support for
an additional type with an added PBKDF2 step. It seems like the format
used in the JSON file is similar to the latter.

More details in my [blog post][1] and the [derived script][2].

PHP's [mappings to OpenSSL][3] should make the added PBKDF2 step
somewhat straightforward.

Another difference is that the [JSON file format stores the salt, hash
and iteration count separately][4] where mosquitto_passwd uses a
concatenated colon separated string (similar to [shadow][5]).

--
Regards,
Mikkel

[1]: https://mikini.dk/2017/01/generating-passwords-for-mosquitto-mqtt-broker-using-php
[2]: https://git.sr.ht/~mikini/hometools/tree/master/item/mosquitto_passwd.php
[3]: https://www.php.net/manual/en/function.openssl-pbkdf2.php
[4]: https://github.com/eclipse/mosquitto/blob/4ac8c0bcc34c8640e8c6a931e8e63ea4f250c6c7/plugins/dynamic-security/clients.c#L151-L191
[5]: https://linux.die.net/man/5/shadow
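
Added example, not part of the original message and not code from Mosquitto or the linked PHP script: a Python sketch of the scheme described in this thread (PBKDF2 with a SHA512 digest and a 12 byte salt), producing both an entry with salt, hash and iteration count as separate fields and a single concatenated line, plus a constant-time check. The JSON field names, the `user:$7$iterations$salt$hash` line layout, the iteration count of 101 and the UTF-8 password encoding are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import os

SALT_LEN = 12      # salt size quoted in the thread
HASH_LEN = 64      # SHA-512 digest size in bytes
ITERATIONS = 101   # assumption for this example; higher values slow offline guessing


def derive(password, salt, iterations):
    """PKCS#5 PBKDF2 with HMAC-SHA512, as described in the thread."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, HASH_LEN)


def make_client(username, password, iterations=ITERATIONS, salt=None):
    """Build an entry that keeps salt, hash and iteration count as separate fields."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return {
        "username": username,                                   # assumed field name
        "password": base64.b64encode(derive(password, salt, iterations)).decode(),
        "salt": base64.b64encode(salt).decode(),                # assumed field name
        "iterations": iterations,                               # assumed field name
    }


def verify(entry, candidate):
    """Recompute the hash from the stored salt and count; compare in constant time."""
    salt = base64.b64decode(entry["salt"])
    expected = base64.b64decode(entry["password"])
    actual = derive(candidate, salt, int(entry["iterations"]))
    return hmac.compare_digest(actual, expected)


def passwd_line(entry):
    """Same values as one concatenated line (assumed layout user:$7$iter$salt$hash)."""
    return "{username}:$7${iterations}${salt}${password}".format(**entry)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    entry = make_client("sensor01", "constructed-sample-password")
    print(json.dumps({"clients": [entry]}, indent=2))
    print(passwd_line(entry))
    print(verify(entry, "constructed-sample-password"), verify(entry, "wrong"))
```
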