Hi all
i would link to understand if the mqtts implementation (or maybe the tls implementation) in the esp-idf framework support strong authentication mechanisms.
The framework use some hashing algorithm like scrypt, bcrypt, or Argon2 to send password during connection ?
Thank you in advance.
tls and password hashing
Re: tls and password hashing
No response.
I also have that question.
I also have that question.
-
ESP_Sprite
- Posts: 9769
- Joined: Thu Nov 26, 2015 4:08 am
Re: tls and password hashing
I'm not familiar with mqtts security features that much, but what would be the use? Password hashing is usually done on the server side in order to protect passwords at rest, that is, instead of storing the password, the hash is stored. Sending bcypted passwords over the lines 1. is not that useful as the line already is supposed to be protected by the TLS encryption and 2. requires the server to store the password in plain-text (as it needs to generate a salted hash to compare to the one the client sends), undoing the at-rest security features.
Re: tls and password hashing
@ESP_Sprite,
I am trying to put a authentication mechanism in a websocket secure server that i am writing a while.
https://github.com/espressif/esp-idf/issues/7566
https://github.com/espressif/esp-idf/is ... -973004312
Thank's
I am trying to put a authentication mechanism in a websocket secure server that i am writing a while.
https://github.com/espressif/esp-idf/issues/7566
https://github.com/espressif/esp-idf/is ... -973004312
Thank's