Open samograsic opened 5 months ago
Hey, @samograsic!
Could you provide more details? I don't think that's true, the relevant pieces are these:
```go
// In Compare
var salt []byte
switch h.saltEncoding {
case UTF8:
	salt = []byte(hashSplit[3])
default:
	salt, err = base64.StdEncoding.DecodeString(hashSplit[3])
	if err != nil {
		log.Errorf("base64 salt error: %s", err)
		return false
	}
}

// In hashWithSalt
switch h.saltEncoding {
case UTF8:
	buffer.WriteString(string(salt))
default:
	buffer.WriteString(base64.StdEncoding.EncodeToString(salt))
}
```
It is true that the hashed password, including everything in it (among which is the salt), is base64 encoded, but the salt itself may be either utf8 or base64 when passed.
I am having an issue using the PBKDF2 hasher and this configuration option:

```
auth_opt_hasher_salt_encoding utf-8 # salt encoding, either base64 (default) or utf-8
```

After some debugging I found out that the utf-8 case in pbkdf2.go always uses the default value.
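An added example (not code from the project or from either poster) of why the salt encoding setting matters at verification time: the same stored salt field gives different salt bytes, and so a different PBKDF2 key, depending on whether it is read as UTF-8 text or decoded as base64. `pbkdf2SHA256`, `saltBytes`, `Verify` and the sample password and salt are assumptions constructed for illustration, and the PBKDF2 helper derives a single 32-byte block only.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// pbkdf2SHA256 returns the first 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018).
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	out := append([]byte{}, u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// saltBytes interprets the stored salt field the way the Compare switch quoted above does.
func saltBytes(field string, utf8 bool) ([]byte, error) {
	if utf8 {
		return []byte(field), nil
	}
	return base64.StdEncoding.DecodeString(field)
}

// Verify re-derives the key from the salt field and compares in constant time.
func Verify(password, saltField string, iter int, want []byte, utf8 bool) bool {
	salt, err := saltBytes(saltField, utf8)
	if err != nil {
		return false // a UTF-8 salt that is not valid base64 fails here
	}
	return hmac.Equal(pbkdf2SHA256([]byte(password), salt, iter), want)
}

func main() {
	field := "c2FsdHNhbHQ=" // constructed: salt text that also happens to parse as base64
	want := pbkdf2SHA256([]byte("s3cret"), []byte(field), 1000)
	fmt.Println(Verify("s3cret", field, 1000, want, true), Verify("s3cret", field, 1000, want, false))
}
```

A salt whose text happens to be valid base64 fails verification under the wrong setting without any decode error, so the only symptom is a rejected login.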