gitit-users "Salt" and sha512


Stephane Popinet

Apr 2, 2019, 12:37:38 PM
to gitit-discuss
Dear all,

I would like to use an alternative mechanism to identify gitit users. This implies being able to validate their login/password combination, as stored in the 'gitit-users' file. Lines in this file look like this:

,("Joe Blogg",User {uUsername = "Joe Blogg", uPassword = Password {pSalt = "[WOFlN[qt>UvRl`2i1>mhaq4?9h7R<tT", pHashed = "a6083edd4697cb796820eec8f6d0335522b4dfe8173d089fc51bc83ae6fc5943db387c4560e77abf06336826561c71f02b1b45fb3a4f6562066e8ceca762d94f"}, uEmail = "joe.b...@foo.com"})

Based on this and on the corresponding gitit code here:


hashPassword salt pass = showDigest $ sha512 $ L.fromString $ salt ++ pass

One could assume that 'pHashed' above could be obtained using the following shell command:

echo '[WOFlN[qt>UvRl`2i1>mhaq4?9h7R<tTjoebloggpassword' | sha512sum

where the first part of the string is 'pSalt' above and the second part is Joe Blogg's actual password.

Unfortunately the hashes do not match. Is my interpretation of the hashing wrong? Is the sha512 hashing of the Haskell library different from the sha512sum command? Is there an issue with character encoding in pSalt?

Thanks in advance for any hint,

Stephane

John MacFarlane

Apr 2, 2019, 6:12:55 PM
to Stephane Popinet, gitit-discuss

Hm, I'm not sure why they don't match.

You could always write a little Haskell program to
generate this!

Stephane Popinet

Apr 3, 2019, 1:41:51 AM
to gitit-discuss
Dear John et al,

Thank you very much for your answer. Meanwhile, after a good night's
sleep, I have found the solution. The command should be:

echo -n '[WOFlN[qt>UvRl`2i1>mhaq4?9h7R<tTjoebloggpassword' | sha512sum

otherwise the carriage return messes up the encoding.

cheers,

Stephane
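
Added example, not part of the original thread or of gitit's own code: a Python check of one gitit-users record using the scheme worked out above (SHA-512 over the salt followed by the password, with no trailing newline). The sample record, the UTF-8 encoding and the absence of backslash escapes in the fields are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample values; not taken from any real gitit-users file.
SAMPLE_SALT = "k3Zq9v[Lw>2m"
SAMPLE_PASSWORD = "correct horse"

def gitit_hash(salt: str, password: str) -> str:
    """sha512(salt ++ password) as lowercase hex, mirroring hashPassword.

    Assumption: the concatenated string is UTF-8 encoded before hashing.
    """
    return hashlib.sha512((salt + password).encode("utf-8")).hexdigest()

# Constructed record in the layout quoted in the first message.
SAMPLE_LINE = (
    ',("Jane Doe",User {uUsername = "Jane Doe", uPassword = Password '
    '{pSalt = "%s", pHashed = "%s"}, uEmail = "jane@example.org"})'
    % (SAMPLE_SALT, gitit_hash(SAMPLE_SALT, SAMPLE_PASSWORD))
)

RECORD = re.compile(
    r'uUsername = "(?P<user>[^"]*)".*?'
    r'pSalt = "(?P<salt>[^"]*)", pHashed = "(?P<hash>[0-9a-f]{128})"'
)

def parse_record(line: str) -> dict:
    """Extract user name, salt and hash from one gitit-users line.

    Assumption: the quoted fields contain no backslash escapes.
    """
    m = RECORD.search(line)
    if m is None:
        raise ValueError("not a gitit-users record")
    return m.groupdict()

def verify(line: str, username: str, password: str) -> bool:
    """True only if the user name matches and the salted hash agrees."""
    rec = parse_record(line)
    candidate = gitit_hash(rec["salt"], password)
    # Constant-time comparison of the two hex digests.
    return rec["user"] == username and hmac.compare_digest(candidate, rec["hash"])

if __name__ == "__main__":
    print(verify(SAMPLE_LINE, "Jane Doe", SAMPLE_PASSWORD))         # exact bytes
    print(verify(SAMPLE_LINE, "Jane Doe", SAMPLE_PASSWORD + "\n"))  # echo without -n
```

The second call shows the failure from the thread: a single extra byte appended to the input produces an unrelated digest, so the comparison fails.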


John MacFarlane

Apr 3, 2019, 11:16:46 AM
to Stephane Popinet, gitit-discuss

Ah, that makes sense!