Hi Roger and all,
I was playing around with the passlib Python package, which offers pbkdf2_sha512 encryption, and I wanted to use the password generated from this function to generate users for mosquitto.
HOW TO GENERATE
from passlib.hash import pbkdf2_sha512
from secrets import token_bytes
digest = pbkdf2_sha512.using(salt=token_bytes(12), salt_size=12, rounds=101).hash('testing')
print(digest + '==') # this is required because checksum is only 86 chars long
This will generate something like:
$pbkdf2-sha512$101$RsfyboeO.Wmd2Qig$8fTVPoDsy87q9N9k52MlR9RcIF3N4SCFfft/kctp/..frxpRgBtfYhTuOrBt/clsKw83vkLvuxDka1JZCEE3hA==
We replace the first part with $7$ because that is how mosquitto understands which scheme the password hash is.
I found out that there is some inconsistency in mosquitto.
SCENARIO
Whenever there is a '.' character in the password part of the hash or in the salt part, mosquitto discards the credentials outright.
Logs:
1678781554: Error: Unable to decode password salt for user test1, removing entry.
Is there something wrong on my part, or is it a known observation about special characters in password hashes?
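
Added example, not part of the original post and not passlib or mosquitto code: passlib writes the salt and checksum in its "adapted base64" form, which uses '.' where standard base64 uses '+' and drops the '=' padding. The sketch below converts such a string to a `$7$` line and re-checks it with the standard library only, assuming mosquitto decodes both fields as standard padded base64; all function names and the sample salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

def ab64_to_b64(field: str) -> str:
    """Adapted base64 -> standard base64: '.' becomes '+', padding restored."""
    std = field.replace(".", "+")
    return std + "=" * (-len(std) % 4)

def passlib_to_mosquitto(user: str, digest: str) -> str:
    """Convert '$pbkdf2-sha512$rounds$salt$checksum' to 'user:$7$rounds$salt$hash'."""
    parts = digest.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "pbkdf2-sha512":
        raise ValueError("not a passlib pbkdf2-sha512 hash")
    rounds = int(parts[2])
    salt_b64, hash_b64 = ab64_to_b64(parts[3]), ab64_to_b64(parts[4])
    # validate=True rejects any character outside the standard alphabet
    base64.b64decode(salt_b64, validate=True)
    if len(base64.b64decode(hash_b64, validate=True)) != 64:
        raise ValueError("SHA-512 checksum must decode to 64 bytes")
    return f"{user}:$7${rounds}${salt_b64}${hash_b64}"

def verify_mosquitto_line(line: str, password: str) -> bool:
    """Recompute PBKDF2-HMAC-SHA512 from a '$7$' line, decoding standard base64 only."""
    _user, _, stored = line.partition(":")
    fields = stored.split("$")
    if len(fields) != 5 or fields[1] != "7":
        return False
    salt = base64.b64decode(fields[3], validate=True)
    want = base64.b64decode(fields[4], validate=True)
    got = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, int(fields[2]), len(want))
    return hmac.compare_digest(got, want)

def make_sample_digest(password: str, salt: bytes, rounds: int) -> str:
    """Constructed sample laid out like the passlib string in the post."""
    def ab64(raw: bytes) -> str:
        return base64.b64encode(raw).decode().rstrip("=").replace("+", ".")
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return f"$pbkdf2-sha512${rounds}${ab64(salt)}${ab64(dk)}"

# Constructed 12-byte salt whose standard base64 is all '+', so the
# adapted form is all '.' and always exercises the failing case.
SAMPLE_SALT = b"\xfb\xef\xbe" * 4
SAMPLE = make_sample_digest("testing", SAMPLE_SALT, 101)

if __name__ == "__main__":
    line = passlib_to_mosquitto("test1", SAMPLE)
    print(line)
    print("verifies:", verify_mosquitto_line(line, "testing"))
```

Converting each field separately also puts the padding in the right place: the 12-byte salt needs none and the 64-byte checksum gets its own `==`.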