Basic auth's crypt() hash string too strict

Mrten
15 January 2014, 13:39
In httpauth.c's find_algorithm_and_salt() I think I read that it is presumed that the format of a crypt() hash is "$id$salt$hash".

This is a relevant forum thread: http://www.hiawatha-webserver.org/forum/topic/1298

However, the crypt() hash format can be more complicated, since you can add parameters to the string as well.

I had a string like "$id$rounds=1000$salt$hash" which failed to authenticate me until I removed the rounds=1000$ part.

I'll point to the glibc source where you can see the test-strings since I cannot find a reasonable manpage:

here: https://github.com/lattera/glibc/blob/master/crypt/sha512c-test.c
and here: https://github.com/lattera/glibc/blob/master/crypt/sha256-crypt.c


Mrten
15 January 2014, 16:46
Hiawatha 9.2, btw.
Hugo Leisink
16 January 2014, 09:03
I will take a look at it for the 9.4 release. Thanks for reporting.
This topic has been closed.
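
The format difference described in the first post, as an added example that is not part of the thread and not Hiawatha's code: a small C parser that accepts both "$id$salt$hash" and "$id$rounds=N$salt$hash". The struct and function names are hypothetical, and the sample string in main() is constructed, not a real hash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a modular crypt() string: $id$[rounds=N$]salt$hash */
struct crypt_fields {
    char id[8];            /* algorithm id, e.g. "5" or "6" */
    unsigned long rounds;  /* 0 when no rounds= parameter is present */
    char salt[64];
    const char *hash;      /* points into the input string */
};

/* Copy text up to the next '$' into dst; NULL if missing, empty or too long. */
static const char *take_field(const char *p, char *dst, size_t dstlen) {
    const char *end = strchr(p, '$');
    size_t len;
    if (end == NULL || (len = (size_t)(end - p)) == 0 || len >= dstlen)
        return NULL;
    memcpy(dst, p, len);
    dst[len] = '\0';
    return end + 1;        /* first character after the '$' */
}

int parse_crypt_string(const char *s, struct crypt_fields *out) { /* 0 ok, -1 malformed */
    char param[32], *stop;
    const char *p;
    if (s == NULL || s[0] != '$')
        return -1;
    out->rounds = 0;
    if ((p = take_field(s + 1, out->id, sizeof(out->id))) == NULL)
        return -1;
    if (strncmp(p, "rounds=", 7) == 0) {   /* optional parameter field */
        if ((p = take_field(p, param, sizeof(param))) == NULL)
            return -1;
        out->rounds = strtoul(param + 7, &stop, 10);
        if (param[7] < '0' || param[7] > '9' || *stop != '\0')
            return -1;                     /* rounds= must be all digits */
    }
    if ((p = take_field(p, out->salt, sizeof(out->salt))) == NULL || *p == '\0')
        return -1;                         /* salt or hash part missing */
    out->hash = p;
    return 0;
}

int main(void) {  /* constructed sample string, not a real hash */
    struct crypt_fields f;
    if (parse_crypt_string("$6$rounds=1000$examplesalt$PLACEHOLDERHASH", &f) == 0)
        printf("id=%s rounds=%lu salt=%s\n", f.id, f.rounds, f.salt);
    return 0;
}
```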