Forum Discussion

Nimbostratus

Sep 04, 2013

Basci HTTP Auth with with the salted SHA512 algorithm rather than MD5???

I read this article on the new salted SHA512 algorithm for hashing passwords. I assume this is local but what about using it in a HTTP Basic Auth irule instead of using MD5. Is this possbile? If so,...

deployment

JRahm

Admin

Sep 04, 2013

That could be problematic as you need the salt and hash to verify the correct password. Storing it in table space is an option, but that isn't a permanent filestore and you risk forcing password resets for everyone. If you wanted to go down that route, you'd need to generate a CSPRNG for the salt (for SHA512 it should be at least 64 bytes) and prepend that to your password before hashing with the built-in SHA512 iRules command. rand is not cryptographically secure, but perhaps now with proc support, someone wants to take on building a CSPRNG proc for iRules?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Basci HTTP Auth with with the salted SHA512 algorithm rather than MD5???

Recent Discussions

Upgrade F5 BIGIP

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

Related Content

Pegasus, Salt Typhoon, Turla Covert Campaign, Windows 11 TPM2.0, and Chrome's 'Store Review'

SHA512 passwords

What is the "Ring Hash" Load-Balancing Algorithm?

SaltStack Salt SSH Command Injection Vulnerability (CVE-2020-16846)

TCP Nagle Algorithm

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS