bcrypt missing number of passes #75

Closed
kotky opened this issue Sep 1, 2018 · 3 comments

kotky commented Sep 1, 2018

Hi, I noticed that there is no way to configure the number of passes when you use bcrypt hashing. From checking the code I noticed that the default is 12, but it would be good to be able to adjust this from a security perspective.

gilbertwong96 self-assigned this Sep 3, 2018

@ngjaying
Member

Duplicate of emqx/emqx-passwd#1

@ngjaying
Member

Hi Josip,
The "number of passes" is contained in the salt. For example, in the salt "$2a$06$eHX8EKlD8G.A/4/hqnN8Du", the second part, $06, means the "number of passes" is 6.
Emqx does not generate the salt for you. It is created by the user so that the user can configure the preferred "number of passes". To provide the salt when using emqx-auth-redis, please set the salt for your MQTT users in Redis. Emqx will just read the salt info from Redis.

HMSET mqtt_user:<username> password "hashedPassword" salt "salt"
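
Since the cost travels inside each stored salt, it can be audited and chosen per user. The following is an added example, not part of the thread and not emqx code: a standard-library Python sketch that parses the salt format quoted above, builds a salt with a chosen cost, and flags stored salts below a minimum. The function names, the sample records and the minimum of 12 are assumptions made for illustration.

```python
import base64
import re
import secrets

# bcrypt packs bits like standard base64 but uses its own alphabet and no padding.
_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_BCRYPT = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_TO_BCRYPT = str.maketrans(_STD, _BCRYPT)

# $<version>$<two-digit cost>$<22-char salt>, optionally followed by the 31-char hash.
_SALT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})?")


def parse_bcrypt_salt(value):
    """Return (version, cost, salt) from a bcrypt salt or full hash string."""
    m = _SALT_RE.fullmatch(value)
    if not m:
        raise ValueError("not a bcrypt salt/hash string")
    cost = int(m.group(2))
    # bcrypt applies the cost as a log2 work factor (2**cost key-setup rounds).
    if not 4 <= cost <= 31:
        raise ValueError("cost out of range: %d" % cost)
    return m.group(1), cost, m.group(3)


def make_salt(cost, version="2a"):
    """Build a salt string carrying the chosen cost from 16 random bytes."""
    if not 4 <= cost <= 31:
        raise ValueError("cost out of range: %d" % cost)
    raw = base64.b64encode(secrets.token_bytes(16)).decode().rstrip("=")
    return "$%s$%02d$%s" % (version, cost, raw.translate(_TO_BCRYPT))


def audit(records, min_cost):
    """Return {username: reason} for salts that are malformed or too cheap."""
    findings = {}
    for user, salt in records.items():
        try:
            cost = parse_bcrypt_salt(salt)[1]
        except ValueError as exc:
            findings[user] = str(exc)
            continue
        if cost < min_cost:
            findings[user] = "cost %d below minimum %d" % (cost, min_cost)
    return findings


# Constructed sample of mqtt_user:<username> salt fields; alice's is the salt quoted above.
SAMPLE = {"alice": "$2a$06$eHX8EKlD8G.A/4/hqnN8Du", "bob": make_salt(12), "carol": "s3cr3t"}
MIN_COST = 12  # assumed policy value
print(audit(SAMPLE, MIN_COST))
```
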

@turtleDeng
Member

Thank you for your participation, we will close this issue.
