"trocla set" documentation

[dje4om]

Hi,

The documentation about "trocla set" is confusing:

" trocla set user5 mysql -p *ABC.... This will store a mysql sha1 hash for the key user5, without storing any kind of plain text password."

In fact, the hash will be rehashed by the mysql hash function, it requires a plain text password as input.

Is there any way to keep a hash value with trocla set ? it could be very useful to migrate data from a backend to another without regenerate new hashes from plain text passwords.

[dje4om]

Hi,

after some tests, it seems there is an issue.

if we set a plain password for a key, and try to set a sha512crypt (for example) hash, "trocla set" ask me a password, if i define another password than the plain password, i have an inconsistent state, with a sha512crypt which does not match the plain password already defined, and still exist.

scenario : trocla set user plain -p 'test' trocla set user sha512crypt -p 'test2'

trocla get user plain trocla get user sha512crypt => the hash match with "test2" and not "test"

We expect the plain password to be used if it exists for the key and then "trocla set user sha512crypt" don't need to ask a password if the plain password exists.

[duritong]

Hi

ok, I see your problem. But I don't fully agree with your expectation of set.

I try to define the current semantics of the set action here:

• it allows you to set a password for a specific format.
• The password that you pass in is expected to be a plaintext password, hence we format the supplied password, so that we don't store a plaintext password.

The last part is mainly due to #8.

What you are mainly lacking now is that you are able to set a certain format without being forced to pass in a plaintext password, as one might not even know it. So it should be possible to also set a format without formatting it, meaning that we already pass a formatted password. This would address what you originally tried to do.

Now comes the part where I don't agree:

We expect the plain password to be used if it exists for the key and then "trocla set user sha512crypt" don't need to ask a password if the plain password exists.

This is what the create action is for and you should use create for that.

What I'm going to do now, is to:

• Fix documentation
• Make it possible to set passwords without formatting them.

Is this fine for you?

[duritong]

Shoud be fixed in 5498dd0

[Poil]

Hi,

I think plaintext and hashed password have to be consistent. For my cases, Trocla must always save/have the plaintext password, so, if someone has to force the hashed password, Trocla must check, if they know it, if the passed hash is consistent with the plaintext pw.

Best regards,

[duritong]

While I agree that plain & formatted passwords should be consistent, this is not possible for all cases. Like the postgres format, where you need to pass additional options for the hash. What to do then? I'm simply struggling with how the UX of this would look like.

Also if trocla always has the plaintext password, then you can simply use create to get the hash and things stay consistent, why do people then even try to set the hash? I mean how did they generate it? Trocla can generate it for them.

Can we agree that documentation is now correct? And so anything on top of that would be a new behavior, so we would add a new feature. For that the best option would be to have code proposing a way to implement it.