3

I'm currently playing with mosquitto's(https://github.com/eclipse/mosquitto) password generation tool , mosquitto_passwd, I don't really know a lot about hashes algorithms , salts and so on , but one thing I think I understood is how to verify credentials for example : a password is hashed using a certain algorithm , stored , and each time we want to check if a user got the correct password , we hash the input with the same algorithm , and if the hash is the same with the one stored , it would mean that it is the same password.

But when I generate hashes for the same password using mosquitto , I see that these hashes are not the same :

$ mosquitto_passwd -H sha512 -b passfile user password generates :

$6$Bu5dTpOWUYWMXZFk$unOkjDIots1jbOhzdthqXrz3WQ9uSx1ZmwGHlpBivtSMdysin+97xyJndbB1T3sIaLG4JxH0hPYHCXG3+H6z5Q== the first time , and

$6$LL/Vto2dvR5rO/KR$PXoQIqiahL0vvpFZt091Q3tFrNHcf+MykrqmfVWPGnAMDHcdI1MbeF50NAWAyasbhGjcE0GyAN+CiB88bMV+bg== the second.

The format of the hash is $hashtype$salt$hash , $6$ is for sha512 , and the rest is salt + hash.

By looking at the source code (src/password_mosq.c : int pw_hash()) , I noticed that the salt is randomly generated.

What I'm struggling to understand , is how is the program supposed to check the validity of a password if each hashing of this password is different?

Suppose I want to crack this hash using a wordlist , how would I compute the hash that needs to be compared to the one in the database ?

Amine Bensalem
  • 362
  • 3
  • 15

2 Answers2

3

The application doing the authentication has access to the whole output of the mosquitto_passwd command, so it has both the hash and the salt used to create it.

$6$Bu5dTpOWUYWMXZFk$unOkjDIots1jbOhzdthqXrz3WQ9uSx1ZmwGHlpBivtSMdysin+97xyJndbB1T3sIaLG4JxH0hPYHCXG3+H6z5Q==

  • 6 Hash type
  • Bu5dTpOWUYWMXZFk Salt
  • unOkjDIots1jbOhzdthqXrz3WQ9uSx1ZmwGHlpBivtSMdysin+97xyJndbB1T3sIaLG4JxH0hPYHCXG3+H6z5Q== Hash

So when the user presents their password it combines it with the salt, then hashes it. The output from this should then match the hash part of the output.

The point to this is that even if the attacker gets hold of the whole string from mosquitto_passwd, they still have to generate hashes from their word list for every single user (because each one has a different random salt) rather than just hashing the wordlist once and just checking the matches.

hardillb
  • 54,545
  • 11
  • 67
  • 105
0

The program is not supposed to compare hashes in terms of string equality.

It is supposed to retrieve the password hash for a user (eg. using some identity like an email or login) and validate it using a hashing algorithm if it is valid for a given raw password.

Having different hash each time prevents a Rainbow Table attack method ability on your passwords.

Additional reference:

Mike Doe
  • 16,349
  • 11
  • 65
  • 88