Are encrypted passwords created via `htpasswd` command line compatible with node-red's decryption mechanism?

Shan · 4 June 2022 17:54

I do not wish to use the node-red admin CLI tool to generate an admin password for my Editor. I understand after going through the code of node-red-admin that it uses bcrypt with Cost value of 8.

I tried creating a password using htpasswd as follows:

httppasswd -nBb -C 8 admin P0puloStack

The generated password:

$2y$08$252IoQIYqn/kxOesjtej2eO8/60.o.cnLLbYXSxNJ3gVlwto5khCu

I added the password as an Environment variable so that my docker container can try to spin up node-RED and I tried logging in but to no possible success.

Is there anyway to try to decrypt the password using node-red admin CLI in the container to see if the password checked?

Shan · 4 June 2022 18:29

node-red-admin hash-pw

for the same plaintext password provides a very different hash to that of htpasswd i.e.,

node-red-admin generates with $2b$ variant while as $2y$ is generated by htpasswd. Athough they may be compatible

However, an interesting thing javascript - $2y bcrypt hashes in Node.js - Stack Overflow

I replaced the $2y$ with $2a$ and it works.

system · 18 June 2022 18:30

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Node Red Authentication PW Hash issue General	24	9069	25 January 2021
[Blog] Secure your node-RED container using `htpasswd` Share Your Projects docker	0	313	9 June 2022
[NEWBIE] node-red-admin hash-pw General	3	1398	12 April 2019
Password in Node-RED General	49	4466	30 December 2021
Hashing password General	5	2730	26 February 2019

Are encrypted passwords created via `htpasswd` command line compatible with node-red's decryption mechanism?

Related topics