Does BasicAuth support hashed passwords?

I’m familiar with using Caddy’s BasicAuth,

basicauth path username password

But there are some situations where multiple users have access to the Caddyfile, and they can see the password in plain text. For enhanced security, can passwords be hashed? Is that a feature we could eventually have?

3 Likes

BasicAuth doesn’t support that.

loginsrv does support that.

It supports: MD5, SHA1 as well as BCrypt. Most secure is BCrypt.

1 Like

We can implement it into basicauth, just need to do it right. If we did support it, I would only want good hashes to be allowed (bcrypt, scrypt), and require a salt.

3 Likes

I imagine you’re a busy guy, and this is low priority. So what will it take to make this happen?

I agree you’d only want strong hashes and a salt.

How about something like this:

basicauth / user scrypt:salt:hashgoeshere

Or we could just prepend the salt to the hash, like how Python’s bcrypt does it (I think): bcrypt · PyPI

But with the salt separated like this, it can be any length. It could even have colons, if we just assume the last colon is the delimiter.
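The scheme:salt:hash format proposed in the post above, as an added sketch that is not part of the thread and not Caddy's code: it parses such a field with the last colon as the hash delimiter and verifies a password with Python's standard-library scrypt. The hex encoding of the hash, the cost parameters and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed cost parameters: the proposed format has no field to carry them.
N, R, P, DKLEN = 2**14, 8, 1, 32
ALLOWED = {"scrypt"}  # per the thread: strong hashes only, salt required


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)


def parse_credential(field: str):
    """Split 'scheme:salt:hexhash'. The first colon ends the scheme and the
    last colon starts the hash, so the salt may itself contain colons."""
    scheme, sep1, rest = field.partition(":")
    salt, sep2, hex_hash = rest.rpartition(":")
    if not (sep1 and sep2):
        raise ValueError("expected scheme:salt:hash")
    if scheme not in ALLOWED:
        raise ValueError(f"hash scheme not allowed: {scheme!r}")
    if not salt:
        raise ValueError("a salt is required")
    digest = bytes.fromhex(hex_hash)  # raises ValueError on non-hex input
    if len(digest) != DKLEN:
        raise ValueError("unexpected hash length")
    return scheme, salt.encode(), digest


def make_credential(password: str, salt: str = "") -> str:
    """Build the value an admin would paste into the config file."""
    salt = salt or secrets.token_hex(16)  # random per-user salt by default
    return f"scrypt:{salt}:{derive(password, salt.encode()).hex()}"


def verify(field: str, password: str) -> bool:
    _, salt, expected = parse_credential(field)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(derive(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample: a salt containing colons, as the post allows.
    cred = make_credential("correct horse", salt="s4:lt:x")
    print(cred)
    print(verify(cred, "correct horse"), verify(cred, "wrong guess"))
```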

Pull requests welcomed!

Looks like there’s an open GitHub feature request that seems like the relevant place for implementation/technical discussion.

https://github.com/mholt/caddy/issues/1526

1 Like
