Errors when PBKDF2 strings contain dots
Matthew Newton
mcn at freeradius.org
Tue Aug 3 21:03:24 CEST 2021
On 03/08/2021 18:23, Alan DeKok wrote:
> On Aug 3, 2021, at 12:14 PM, Jason Alderfer <jha2 at emu.edu> wrote:
>> When using the Python passlib module to generate PBKDF2 password hashes,
>> the resulting values may contain a "." which causes FreeRADIUS 3.0.23 to
>> fail to decode them. I am assuming a bug in FreeRADIUS but I suppose
>> another possibility would be that Python's passlib is not conforming to
>> some encoding standard that FreeRADIUS expects.
>
> The encoding should be base64. The '.' character is not used in base64.
>
> It looks like the Python library is broken.
Yup
https://github.com/efficks/passlib/blob/master/passlib/utils/binary.py#L175-L200
--
Matthew
More information about the Freeradius-Users
mailing list