Consider supporting bcrypt $2y$ hash?
44 views
Skip to first unread message
CK
Jul 18, 2017, 11:03:24 PM7/18/17
to Search Guard
Hi,
As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there's no functional difference between $2a$ and $2y$.
However a minor problem arises when using something like "htpasswd -nB -C 12" to generate a hash: the output has $2y$ as the variant, but these hashes are not validated by Search Guard.
Modifying $2y$ to $2a$ in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept $2y$ variant hashes? Modifying the hash after it's output can be problematic.
Thanks!
CK
As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there's no functional difference between $2a$ and $2y$.
However a minor problem arises when using something like "htpasswd -nB -C 12" to generate a hash: the output has $2y$ as the variant, but these hashes are not validated by Search Guard.
Modifying $2y$ to $2a$ in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept $2y$ variant hashes? Modifying the hash after it's output can be problematic.
Thanks!
CK
SG
Jul 21, 2017, 10:24:07 AM7/21/17
to search...@googlegroups.com
thx, will look into it
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
SG
Aug 11, 2017, 5:03:36 PM8/11/17
to search...@googlegroups.com
CK
Aug 11, 2017, 5:37:51 PM8/11/17
to Search Guard Community Forum
Thanks :)
CK
Sep 12, 2017, 7:57:10 PM9/12/17
to Search Guard Community Forum
Has this been implemented in SG yet? I'm running 5.5.2-16 and still can't use $2y$
Thanks!
Thanks!
Search Guard
Oct 4, 2017, 7:32:33 AM10/4/17
to Search Guard Community Forum
this will come with SG6
Reply all
Reply to author
Forward
0 new messages