#9 add BASE64 encoded SHA1 encryption scheme

open
nobody
None
5
2007-03-12
2007-03-12
zaarkov
No

this patch adds the
AuthMySQLPwEncryption sha1base64
config option that compares the password against a base64 encoded sha1-hash from database.

it can be applied to mod_auth_mysql.c version 3.0.0

Discussion

  • zaarkov
    zaarkov
    2007-03-12

    patch for adding SHA1BASE64 encryption scheme

     
  • Jerry Stuckle
    Jerry Stuckle
    2007-10-11

    Logged In: YES
    user_id=1049703
    Originator: NO

    I'm not sure what would be the reason for base64 encoding a password before placing in a database.

     
  • zaarkov
    zaarkov
    2007-10-12

    Logged In: YES
    user_id=565190
    Originator: YES

    It's a common used password hashing scheme.
    When you connect many components (e.g. SMTP-server, POP3/IMAP-server) to a MySQL database you have to use the schemes they all support.
    Somehow they like the base64 idea, but I don't know their reasons.
    However supporting this will let more users authenticate against passwords already stored in a database instead of encoding passwords in a different way and store them twice.

     
  • Hey, when I try to compile the patched module I get the following error:

    mod_auth_mysql.c: In function ‘pw_sha1_base64’:
    mod_auth_mysql.c:869: error: ‘APR_SHA1PW_IDLEN’ undeclared (first use in this function)
    mod_auth_mysql.c:869: error: (Each undeclared identifier is reported only once
    mod_auth_mysql.c:869: error: for each function it appears in.)
    apxs:Break: Command failed with rc=1

    any ideas? (I'm using apache2 on debian etch)

     
  • Jima
    Jima
    2009-02-05

    I'm pretty fond of this patch, myself. I think it'd be useful to include.