Are encrypted passwords created via `htpasswd` command line compatible with node-red's decryption mechanism?

Shan · 4 June 2022 17:54

I do not wish to use the node-red admin CLI tool to generate an admin password for my Editor. I understand after going through the code of node-red-admin that it uses bcrypt with Cost value of 8.

I tried creating a password using htpasswd as follows:

httppasswd -nBb -C 8 admin P0puloStack

The generated password:

$2y$08$252IoQIYqn/kxOesjtej2eO8/60.o.cnLLbYXSxNJ3gVlwto5khCu

I added the password as an Environment variable so that my docker container can try to spin up node-RED and I tried logging in but to no possible success.

Is there anyway to try to decrypt the password using node-red admin CLI in the container to see if the password checked?

Shan · 4 June 2022 18:29

node-red-admin hash-pw

for the same plaintext password provides a very different hash to that of htpasswd i.e.,

node-red-admin generates with $2b$ variant while as $2y$ is generated by htpasswd. Athough they may be compatible

However, an interesting thing javascript - $2y bcrypt hashes in Node.js - Stack Overflow

I replaced the $2y$ with $2a$ and it works.

system · 18 June 2022 18:30

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Blog] Secure your node-RED container using `htpasswd` Share Your Projects docker	0	298	9 June 2022
Hashing password General	5	2654	26 February 2019
Securing Node-Red without command line General security	4	146	25 December 2023
Password in Node-RED General	49	3955	30 December 2021
Node Red Authentication PW Hash issue General	24	9002	25 January 2021

Are encrypted passwords created via `htpasswd` command line compatible with node-red's decryption mechanism?

Related Topics