Comments (3)
Tovi163
commented on August 30, 2024
reference:https://www.docs4dev.com/docs/zh/apache/2.4/reference/misc-password_encryptions.html
from go-http-auth.
abbot
commented on August 30, 2024
I am trying to understand your concern.
First to answer your questions about changing or tweaking the number of iterations: no, this cannot be changed. This is the standard MD5Crypt implementation, which requires exactly 1000 iterations of this loop, no more and no less. Changing the number of iterations will change the computed hash and make this code incompatible with any other implementation of the MD5Crypt.
I think the only part of this package which uses MD5Crypt is the basic auth implementation in the case when the password is also stored in MD5Crypt form. In this case the MD5Crypt is called exactly once per HTTP query to encrypt the plain text password sent in basic authentication to the MD5Crypt hash. I'm not sure there is a faster way of doing the same thing.
What exactly is the solution you are looking for?
from go-http-auth.
Tovi163
commented on August 30, 2024
I am trying to understand your concern.
First to answer your questions about changing or tweaking the number of iterations: no, this cannot be changed. This is the standard MD5Crypt implementation, which requires exactly 1000 iterations of this loop, no more and no less. Changing the number of iterations will change the computed hash and make this code incompatible with any other implementation of the MD5Crypt.
I think the only part of this package which uses MD5Crypt is the basic auth implementation in the case when the password is also stored in MD5Crypt form. In this case the MD5Crypt is called exactly once per HTTP query to encrypt the plain text password sent in basic authentication to the MD5Crypt hash. I'm not sure there is a faster way of doing the same thing.
What exactly is the solution you are looking for?
Thank you very much for your prompt reply. My expectation is to minimize the number of encryption and decryption operations. After asking this questions, I found out the algorithm principle of MD5Crpt, reference:https://www.docs4dev.com/docs/zh/apache/2.4/reference/misc-password_encryptions.html
Taking into account my usage scenarios and demands, I replaced the algorithm, and finally used SHA, the reason is
- Every request requires authentication(mybe this require should be optimized later)
- All requests are the authentication process between internal systems, similar to a gentleman aggreement
from go-http-auth.
Related Issues (20)
- How to create a password from string HOT 1
- Tag v1 version and add it to gopkg.in
- Support digest with SHA-256 and SHA-512/256 as per RFC 7616 HOT 3
- Can i use this to send HTTP GET to a Digest authenticated server? HOT 1
- DigestAuth functions aren't thread-safe (Race conditions) HOT 3
- Go 1.10: misc_test.go:35: Fatalf format %s reads arg #3, but call has only 2 args
- BasicAuth password generate HOT 2
- algorithm HOT 1
- Session Expiry handling
- Update example?
- use of raw map for digest.clients leads to concurrent writes to map HOT 1
- Documentation on how to set passwords. HOT 1
- intermittent failure to find passwords (possible race?) HOT 4
- concurrent map read and map write HOT 2
- More crypters [Patch included] HOT 2
- Double lock in digest
- Imlement http.Handler interface
- repeat ask user and password when using digest
- please tag and release HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-http-auth.