tls and password hashing

shooks
Posts: 5
Joined: Wed Jul 03, 2019 7:23 am

tls and password hashing

Postby shooks » Wed Sep 11, 2019 9:09 am

Hi all
i would link to understand if the mqtts implementation (or maybe the tls implementation) in the esp-idf framework support strong authentication mechanisms.
The framework use some hashing algorithm like scrypt, bcrypt, or Argon2 to send password during connection ?
Thank you in advance.

Baldhead
Posts: 471
Joined: Sun Mar 31, 2019 5:16 am

Re: tls and password hashing

Postby Baldhead » Mon Sep 06, 2021 1:23 am

No response.

I also have that question.

ESP_Sprite
Posts: 9769
Joined: Thu Nov 26, 2015 4:08 am

Re: tls and password hashing

Postby ESP_Sprite » Mon Sep 06, 2021 2:20 am

I'm not familiar with mqtts security features that much, but what would be the use? Password hashing is usually done on the server side in order to protect passwords at rest, that is, instead of storing the password, the hash is stored. Sending bcypted passwords over the lines 1. is not that useful as the line already is supposed to be protected by the TLS encryption and 2. requires the server to store the password in plain-text (as it needs to generate a salted hash to compare to the one the client sends), undoing the at-rest security features.

Baldhead
Posts: 471
Joined: Sun Mar 31, 2019 5:16 am

Re: tls and password hashing

Postby Baldhead » Tue Sep 14, 2021 5:16 am

@ESP_Sprite,

I am trying to put a authentication mechanism in a websocket secure server that i am writing a while.

https://github.com/espressif/esp-idf/issues/7566
https://github.com/espressif/esp-idf/is ... -973004312

Thank's

Who is online

Users browsing this forum: No registered users and 125 guests