Dear all,
I would like to use an alternative mechanism to identify gitit users. This implies being able to validate their login/password combination, as stored in the 'gitit-users' file. Lines in this file look like this:
,("Joe Blogg",User {uUsername = "Joe Blogg", uPassword = Password {pSalt = "[WOFlN[qt>UvRl`2i1>mhaq4?9h7R<tT", pHashed = "a6083edd4697cb796820eec8f6d0335522b4dfe8173d089fc51bc83ae6fc5943db387c4560e77abf06336826561c71f02b1b45fb3a4f6562066e8ceca762d94f"}, uEmail = "joe.b...@foo.com"})
Based on this and on the corresponding gitit code here:
hashPassword salt pass = showDigest $ sha512 $ L.fromString $ salt ++ pass
One could assume that 'pHashed' above could be obtained using the following shell command:
echo '[WOFlN[qt>UvRl`2i1>mhaq4?9h7R<tTjoebloggpassword' | sha512sum
where the first part of the string is 'pSalt' above and the second part is Joe Blogg's actual password.
Unfortunately the hashes do not match. Is my interpretation of the hashing wrong? Is the sha512 hashing of the Haskell library different from the sha512sum command? Is there an issue with character encoding in pSalt?
Thanks in advance for any hint,
Stephane
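
Added example, not part of the original post and not gitit's own code: the hashPassword line quoted above reproduced in Python, with a login check against a users-file entry and, for comparison, the input that `echo ... | sha512sum` actually hashes (echo appends a newline, hashPassword does not). Assumptions: L.fromString encodes the string as UTF-8, the only escapes in the file are `\\` and `\"`, and all function names and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import re

# One entry of the Show-formatted users file, as in the line quoted above.
ENTRY_RE = re.compile(
    r'uUsername = "(?P<user>(?:[^"\\]|\\.)*)".*?'
    r'pSalt = "(?P<salt>(?:[^"\\]|\\.)*)", '
    r'pHashed = "(?P<hash>[0-9a-f]{128})"'
)

def unescape(shown: str) -> str:
    # Assumption: only \\ and \" escapes occur (printable-ASCII values).
    return re.sub(r'\\(["\\])', r'\1', shown)

def gitit_hash(salt: str, password: str) -> str:
    # Mirrors hashPassword: hex SHA-512 over salt ++ pass, nothing appended.
    # Assumption: L.fromString yields the UTF-8 bytes of the string.
    return hashlib.sha512((salt + password).encode("utf-8")).hexdigest()

def echo_style_hash(salt: str, password: str) -> str:
    # What `echo '<salt><pass>' | sha512sum` digests: echo adds a trailing "\n".
    return hashlib.sha512((salt + password + "\n").encode("utf-8")).hexdigest()

def parse_users(text: str) -> dict:
    """Return {username: (salt, hex_hash)} for every entry found in text."""
    return {
        unescape(m["user"]): (unescape(m["salt"]), m["hash"])
        for m in ENTRY_RE.finditer(text)
    }

def check_login(users: dict, username: str, password: str) -> bool:
    # Hash even for unknown users, then compare in constant time.
    salt, stored = users.get(username, ("", "0" * 128))
    candidate = gitit_hash(salt, password)
    return hmac.compare_digest(candidate, stored) and username in users

# Constructed sample data (not a real account); the salt contains a backslash.
SALT = "[x9\\Qm"
PASSWORD = "correct horse"
SAMPLE = (
    ',("alice",User {uUsername = "alice", uPassword = Password {pSalt = "%s", '
    'pHashed = "%s"}, uEmail = "alice@example.org"})'
    % (SALT.replace("\\", "\\\\"), gitit_hash(SALT, PASSWORD))
)

if __name__ == "__main__":
    print(check_login(parse_users(SAMPLE), "alice", PASSWORD))
```

On the command line, `printf '%s'` in place of `echo` feeds sha512sum the same bytes as `gitit_hash`, without the trailing newline.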