Forum Discussion

Nimbostratus

12 years ago

Basci HTTP Auth with with the salted SHA512 algorithm rather than MD5???

I read this article on the new salted SHA512 algorithm for hashing passwords. I assume this is local but what about using it in a HTTP Basic Auth irule instead of using MD5. Is this possbile? If so,...

deployment

JRahm

Admin

12 years ago

That could be problematic as you need the salt and hash to verify the correct password. Storing it in table space is an option, but that isn't a permanent filestore and you risk forcing password resets for everyone. If you wanted to go down that route, you'd need to generate a CSPRNG for the salt (for SHA512 it should be at least 64 bytes) and prepend that to your password before hashing with the built-in SHA512 iRules command. rand is not cryptographically secure, but perhaps now with proc support, someone wants to take on building a CSPRNG proc for iRules?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Basci HTTP Auth with with the salted SHA512 algorithm rather than MD5???

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Related Content

SHA512 passwords

US Tiktok ban, Salt and Twill, over Half billion in crypto stolen

Pegasus, Salt Typhoon, Turla Covert Campaign, Windows 11 TPM2.0, and Chrome's 'Store Review'

What is the "Ring Hash" Load-Balancing Algorithm?

SaltStack Salt SSH Command Injection Vulnerability (CVE-2020-16846)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS