-
Use sha256 for password file authentication
Currently I am using the -u flag on startup to authenticate users, where the password file contains the sha1 hash of their plain text passwords, the sha1 being generated using -33!.
Is it possible to switch out the sha1 for a sha256 algorithm instead, given that I have a loaded a sha256 function from a shared library?
-
2 Replies
-
I don’t believe sha256 is supported with -u/-U, however you could instead perhaps use .z.pw to carry out custom validation to the effect of:
- Read your user:sha256 file in the callback when a connection attempt is made
- Convert the plain text password from the user to sha256
- Validate the user with 1b (success) or 0b (failure)
References:
-
Thanks David, yes I was thinking the same, using .z.pw to basically do what I imagine -u is doing 7nder the hood. I just didn’t want to be writing the logic for comparing the users plain text password. Currently with -u, it has the advantage that the logic which does that comparison is inaccessible, so it’s a bit more secure. But if there is no way to overwrite the -33! then defining a .z.pw is the only way to go.
Log in to reply.