Are encrypted passwords created via `htpasswd` command line compatible with node-red's decryption mechanism?

I do not wish to use the node-red admin CLI tool to generate an admin password for my Editor. I understand after going through the code of node-red-admin that it uses bcrypt with Cost value of 8.

I tried creating a password using htpasswd as follows:

httppasswd -nBb -C 8 admin P0puloStack

The generated password:

$2y$08$252IoQIYqn/kxOesjtej2eO8/60.o.cnLLbYXSxNJ3gVlwto5khCu

I added the password as an Environment variable so that my docker container can try to spin up node-RED and I tried logging in but to no possible success.

Is there anyway to try to decrypt the password using node-red admin CLI in the container to see if the password checked?

node-red-admin hash-pw

for the same plaintext password provides a very different hash to that of htpasswd i.e.,

node-red-admin generates with $2b$ variant while as $2y$ is generated by htpasswd. Athough they may be compatible

However, an interesting thing javascript - $2y bcrypt hashes in Node.js - Stack Overflow

I replaced the $2y$ with $2a$ and it works.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.