[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [mosquitto-dev] [DynamicSecurity] Clarification on Encrypted password generation
|
Hi Shan,
It uses a PKCS#5 PBKDF2 hash function, with a sha512 digest and
(currently) a 12 byte salt. Both salt and resulting hash are stored
base64 encoded.
The openssl call for the hashing is:
PKCS5_PBKDF2_HMAC(password, (int)strlen(password),
pw->salt, sizeof(pw->salt), iterations,
digest, (int)hash_len, pw->password_hash);
Regards,
Roger
On Fri, 17 Jun 2022 at 12:52, Shan D <sdes.softdev@xxxxxxxxx> wrote:
>
> Hello all,
>
> I wish to be informed about what is the encryption and decryption logic for the Dynamic Security Plugin for Mosquitto.
>
> I was curious as to whether I could be able to generate the encrypted password using some shell scripts or CLI tools where I would not have create an ephemeral Docker Container to generate the dedicated `dynamic-security.json` file via a container and I could simply do it via some command line utilities like htpasswd or base64 etc.
>
> Aim: In many cases, a lot of provisioning of containers (standalone deployment with docker compose or air gap installations) requires the user to generate the credentials via some bash provisioning scripts.
>
> Can I find some documentation on how to encrypted password is created?
>
> Regards,
>
> Shan
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev
