KX Community

Find answers, ask questions, and connect with our KX Community around the world.

Home Forums kdb+ Use sha256 for password file authentication

  • Use sha256 for password file authentication

    Posted by jlucid on July 17, 2023 at 12:00 am

    Currently I am using the -u flag on startup to authenticate users, where the password file contains the sha1 hash of their plain text passwords, the sha1 being generated using -33!.

    Is it possible to switch out the sha1 for a sha256 algorithm instead, given that I have a loaded a sha256 function from a shared library?

     

     

    jlucid replied 1 month, 1 week ago 2 Members · 2 Replies
  • 2 Replies
  • davidcrossey

    Member
    July 17, 2023 at 12:00 am

    I don’t believe sha256 is supported with -u/-U, however you could instead perhaps use .z.pw to carry out custom validation to the effect of:

    1. Read your user:sha256 file in the callback when a connection attempt is made
    2. Convert the plain text password from the user to sha256
    3. Validate the user with 1b (success) or 0b (failure)

    References:

  • jlucid

    Member
    July 17, 2023 at 12:00 am

    Thanks David, yes I was thinking the same, using .z.pw to basically do what I imagine -u is doing 7nder the hood. I just didn’t want to be writing the logic for comparing the users plain text password. Currently with -u, it has the advantage that the logic which does that comparison is inaccessible, so it’s a bit more secure. But if there is no way to overwrite the -33! then defining a .z.pw is the only way to go.

Log in to reply.