Consider supporting bcrypt $2y$ hash?

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there’s no functional difference between 2a and 2y.

However a minor problem arises when using something like “htpasswd -nB -C 12” to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it’s output can be problematic.

Thanks!
CK

thx, will look into it

···

Am 19.07.2017 um 05:03 schrieb CK <posthamster@gmail.com>:

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there's no functional difference between 2a and 2y.

However a minor problem arises when using something like "htpasswd -nB -C 12" to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it's output can be problematic.

Thanks!
CK

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

···

Am 19.07.2017 um 05:03 schrieb CK <posthamster@gmail.com>:

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there's no functional difference between 2a and 2y.

However a minor problem arises when using something like "htpasswd -nB -C 12" to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it's output can be problematic.

Thanks!
CK

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks :slight_smile:

···

On Saturday, 12 August 2017 00:03:36 UTC+3, Search Guard wrote:

https://github.com/bcgit/bc-java/issues/207

Am 19.07.2017 um 05:03 schrieb CK posth...@gmail.com:

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there’s no functional difference between 2a and 2y.

However a minor problem arises when using something like “htpasswd -nB -C 12” to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it’s output can be problematic.

Thanks!

CK


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Has this been implemented in SG yet? I’m running 5.5.2-16 and still can’t use 2y

Thanks!

···

On Saturday, 12 August 2017 09:03:36 UTC+12, Search Guard wrote:

https://github.com/bcgit/bc-java/issues/207

Am 19.07.2017 um 05:03 schrieb CK posth...@gmail.com:

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there’s no functional difference between 2a and 2y.

However a minor problem arises when using something like “htpasswd -nB -C 12” to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it’s output can be problematic.

Thanks!

CK


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

this will come with SG6

···

On Wednesday, 13 September 2017 01:57:10 UTC+2, CK wrote:

Has this been implemented in SG yet? I’m running 5.5.2-16 and still can’t use 2y

Thanks!

On Saturday, 12 August 2017 09:03:36 UTC+12, Search Guard wrote:

https://github.com/bcgit/bc-java/issues/207

Am 19.07.2017 um 05:03 schrieb CK posth...@gmail.com:

Hi,

As per https://stackoverflow.com/questions/15733196/where-2x-prefix-are-used-in-bcrypt, there’s no functional difference between 2a and 2y.

However a minor problem arises when using something like “htpasswd -nB -C 12” to generate a hash: the output has 2y as the variant, but these hashes are not validated by Search Guard.

Modifying 2y to 2a in sg_internal_users.yml works fine, so the question is: would it be possible for Search Guard to accept 2y variant hashes? Modifying the hash after it’s output can be problematic.

Thanks!

CK


You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d14a4d9b-c8d1-4953-a801-6ea919f45b1d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.