Open nneul opened 1 year ago
I'm not sure we should accept parameters in any order, as the PHC specifications state that:
The function MUST specify the order in which parameters may appear. Producers MUST NOT allow parameters to appear in any other order.
I cannot find the definition for scrypt, but it looks like recent versions of passlib
, as well as nodejs, indeed expects ln
, r
then p
. So I guess we need to fix what we produce, and also be more lenient in what we accept.
As for the base64 padding, it's unfortunate that the specification decided to remove it, because most of the existing base64 decoders expect it. I guess we will have to do what we already do for incoming DoH, where padding is optional (sigh), and add the padding ourselves before passing the base64 payload to the decoder.
Short description
scrypt handling for api-key and webserver-password is picky about it's format, in particular:
Environment
Steps to reproduce
generate salted/hashed pw with python:
Try using above python generated scrypt in the config and it will fail to start.
Expected behaviour
Should accept a valid scrypt pw hash, and not enforce specific format that is not required.
Actual behaviour
Failed to accept it, service won't start.
Other information