search

iegomez / mosquitto-go-auth

Auth plugin for mosquitto.
MIT License
495 stars 165 forks source link

Hasher configuration alway defaults to Base64 #320

Open samograsic opened 5 months ago

samograsic commented 5 months ago

I am having an issue using the PBKDF2 hasher and this configuration option: auth_opt_hasher_salt_encoding utf-8 # salt encoding, either base64 (default) or utf-8

After some debugging I found out that the utf-8 case in the pbkdf2.go always uses the default value

iegomez commented 4 months ago

Hey, @samograsic!

Could you provide more details? I don't think that's true, the relevant pieces are these:

// In Compare

    var salt []byte
    switch h.saltEncoding {
    case UTF8:
        salt = []byte(hashSplit[3])
    default:
        salt, err = base64.StdEncoding.DecodeString(hashSplit[3])
        if err != nil {
            log.Errorf("base64 salt error: %s", err)
            return false
        }
    }

// In hashWithSalt
    switch h.saltEncoding {
    case UTF8:
        buffer.WriteString(string(salt))
    default:
        buffer.WriteString(base64.StdEncoding.EncodeToString(salt))
    }

It is true that the hashed password, including everything among which is the salt, is base64 encoded, but the salt itself may be either utf8 or base64 when passed.