
tls and password hashing

Posted: Wed Sep 11, 2019 9:09 am
by shooks
Hi all
I would like to understand if the mqtts implementation (or maybe the tls implementation) in the esp-idf framework supports strong authentication mechanisms.
Does the framework use a hashing algorithm like scrypt, bcrypt, or Argon2 to send the password during connection?
Thank you in advance.

Re: tls and password hashing

Posted: Mon Sep 06, 2021 1:23 am
by Baldhead
No response.

I also have that question.

Re: tls and password hashing

Posted: Mon Sep 06, 2021 2:20 am
by ESP_Sprite
I'm not familiar with mqtts security features that much, but what would be the use? Password hashing is usually done on the server side in order to protect passwords at rest, that is, instead of storing the password, the hash is stored. Sending bcrypted passwords over the lines 1. is not that useful as the line already is supposed to be protected by the TLS encryption and 2. requires the server to store the password in plain-text (as it needs to generate a salted hash to compare to the one the client sends), undoing the at-rest security features.
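
The trade-off described in the reply above, as an added example that is not part of the original thread: scheme A sends the password inside TLS and the server stores only a salted scrypt hash, while scheme B has the client hash with a per-connection salt. The function names, cost parameters and sample credential are assumptions made for this example.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune per server.
N, R, P, DKLEN = 2**14, 8, 1, 32

def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.scrypt(secret.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)

# Scheme A: password travels inside TLS; server keeps only salt + hash.
def enroll(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt)}

def verify_plain(record: dict, presented: str) -> bool:
    return hmac.compare_digest(_kdf(presented, record["salt"]), record["hash"])

# Scheme B: client hashes with a per-connection salt issued by the server.
def client_response(password: str, session_salt: bytes) -> bytes:
    return _kdf(password, session_salt)

def verify_hashed(stored_plaintext: str, session_salt: bytes, response: bytes) -> bool:
    # Recomputing the expected value needs the plaintext, so the server
    # must keep it readable at rest.
    return hmac.compare_digest(_kdf(stored_plaintext, session_salt), response)

def verify_hashed_from_record(record: dict, response: bytes) -> bool:
    # The scheme A record was derived with a different salt, so it cannot
    # be matched against a freshly salted response.
    return hmac.compare_digest(record["hash"], response)

def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample credential
    record = enroll(password)
    session_salt = os.urandom(16)
    response = client_response(password, session_salt)
    return {
        "A_correct_password": verify_plain(record, password),
        "A_wrong_password": verify_plain(record, "guess"),
        "B_server_has_plaintext": verify_hashed(password, session_salt, response),
        "B_server_has_hash_only": verify_hashed_from_record(record, response),
    }

if __name__ == "__main__":
    print(demo())
```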

Re: tls and password hashing

Posted: Tue Sep 14, 2021 5:16 am
by Baldhead
@ESP_Sprite,

I am trying to put an authentication mechanism in a websocket secure server that I have been writing for a while.

https://github.com/espressif/esp-idf/issues/7566
https://github.com/espressif/esp-idf/is ... -973004312

Thanks