couchdb-dev mailing list archives

From Brian Candler <B.Cand...@pobox.com>
Subject Re: JavaScript bcrypt (was Re: authentication cleanup)
Date Sun, 07 Feb 2010 18:45:17 GMT
On Sun, Feb 07, 2010 at 10:23:17AM -0800, Chris Anderson wrote:
> > password: "plain"
> > password: "{CRYPT}$1$foo$bar"
> > password: "{SHA1}..."
> > password: "{SSHA1}...with salt..."
> > ... etc
> >
> 
> That doesn't sound bad at all.
...
> If we can't find an Erlang library, is there a spec we should look at
> while implementing?

Yep, it's here:
http://www.openldap.org/doc/admin24/security.html

Scroll down to section 14.4. Well actually it's not a full spec as it
doesn't show how the salt and value are separated in SSHA1, but you can get
that from the source.

Note that the {CRYPT} format is a Unix crypt, which is itself an extensible
format; $2$... is what OpenBSD are using for bcrypt.

So actually you could just use that format. The OpenLDAP format would allow
you to support existing salted SHA1 passwords in the same field.

B.
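
The scheme-prefixed format discussed above, as an added example that is not part of the original message or of CouchDB's code: a Node.js verifier that dispatches on the `{SCHEME}` prefix and splits a salted SHA-1 value the way OpenLDAP lays it out (base64 of the 20-byte digest followed by the salt). Function names are hypothetical, the sample values are constructed, `{SHA1}`/`{SSHA1}` are accepted as aliases of OpenLDAP's `{SHA}`/`{SSHA}`, and `{CRYPT}` is left unsupported.

```javascript
const crypto = require("crypto");
const SHA1_LEN = 20; // bytes in a SHA-1 digest

function sha1(...parts) {
  const h = crypto.createHash("sha1");
  for (const p of parts) h.update(p);
  return h.digest();
}

// Split "{SCHEME}payload"; a value with no {SCHEME} prefix is cleartext.
function parseStored(stored) {
  const m = /^\{([A-Za-z0-9-]+)\}(.*)$/s.exec(stored);
  return m ? { scheme: m[1].toUpperCase(), payload: m[2] }
           : { scheme: "CLEARTEXT", payload: stored };
}

// Constant-time comparison; hashing both sides first equalises the lengths.
function sameBytes(a, b) {
  return crypto.timingSafeEqual(sha1(a), sha1(b));
}

// Build a salted value: base64( SHA1(password || salt) || salt ).
function makeSSHA(password, salt = crypto.randomBytes(8)) {
  return "{SSHA}" + Buffer.concat([sha1(password, salt), salt]).toString("base64");
}

function verify(password, stored) {
  const { scheme, payload } = parseStored(stored);
  switch (scheme) {
    case "CLEARTEXT":
      return sameBytes(Buffer.from(password), Buffer.from(payload));
    case "SHA": case "SHA1":
      return sameBytes(sha1(password), Buffer.from(payload, "base64"));
    case "SSHA": case "SSHA1": {
      const raw = Buffer.from(payload, "base64");
      if (raw.length <= SHA1_LEN) return false; // no salt present: malformed
      const digest = raw.subarray(0, SHA1_LEN); // first 20 bytes
      const salt = raw.subarray(SHA1_LEN);      // everything after the digest
      return sameBytes(sha1(password, salt), digest);
    }
    default: // {CRYPT} and anything else needs its own verifier; fail closed
      throw new Error("unsupported password scheme: " + scheme);
  }
}

// Constructed sample values (not from the thread).
const sample = makeSSHA("s3cret", Buffer.from("NaCl"));
console.log(sample, verify("s3cret", sample), verify("wrong", sample));
```

Because the scheme travels with each stored value, existing salted SHA-1 entries keep verifying while new entries are written under a stronger scheme in the same field.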
