Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hasher configuration alway defaults to Base64 #320

Open
samograsic opened this issue Mar 1, 2024 · 1 comment
Open

Hasher configuration alway defaults to Base64 #320

samograsic opened this issue Mar 1, 2024 · 1 comment

Comments

@samograsic
Copy link

I am having an issue using the PBKDF2 hasher and this configuration option:
auth_opt_hasher_salt_encoding utf-8 # salt encoding, either base64 (default) or utf-8

After some debugging I found out that the utf-8 case in the pbkdf2.go always uses the default value
@iegomez
Copy link
Owner

iegomez commented Mar 16, 2024

Hey, @samograsic!

Could you provide more details? I don't think that's true, the relevant pieces are these:

// In Compare

	var salt []byte
	switch h.saltEncoding {
	case UTF8:
		salt = []byte(hashSplit[3])
	default:
		salt, err = base64.StdEncoding.DecodeString(hashSplit[3])
		if err != nil {
			log.Errorf("base64 salt error: %s", err)
			return false
		}
	}
	
// In hashWithSalt
	switch h.saltEncoding {
	case UTF8:
		buffer.WriteString(string(salt))
	default:
		buffer.WriteString(base64.StdEncoding.EncodeToString(salt))
	}

It is true that the hashed password, including everything among which is the salt, is base64 encoded, but the salt itself may be either utf8 or base64 when passed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iegomez @samograsic