Password in Node-RED

So back to square one (more or less), generating a password hash on that device still fails and we don't know why.

:orangutan:

Well, I completely missed the bcrypt requirements (skim reading got me again; after actually looking, it's obvious the author of the documentation is really beating you over the head that you need to use bcrypt :grimacing:). After that everything seems to work as expected.

Don't worry, that $uperSecure4sure password is my de facto who-cares-who-sees-it password by the way.

Node-Red is installed on the IoT Edge Computer as a service but it is not in the environment path so it's not possible to trigger it from the terminal in the conventional sense. That is more than likely why the node-red admin hash-pw command is not working. You'll just get -ash: node-red: not found. This is the first time this has been any issue so we may reconsider this. I didn't do the image setup so I'm not sure where exactly node-red is installed on the device; if I knew, we could just export it to the PATH (NVM, found it. Working on this now).

So to get this right. You did not use the node-red admin hash-pw command either when testing?

We sorted the location problem out already. If you are using the same device as @fsaavedra, the following command should work (assuming the node path is defined and Node-RED > 1.1.0 is installed):

node /usr/lib/node_modules/node-red/red.js admin hash-pw

Yep, I found it. Working on this now. Will get back with you soon.

I have a feeling that whoever solves this (and doesn't work for NCD) will get something from da store for free :nerd_face:

So I installed the admin library instead of trying to run the command through node-red:

npm install -g --unsafe-perm node-red-admin

After that I executed:

node-red-admin hash-pw 

After the prompt I entered my password. A hash was generated in the terminal. I copied the hash and then pasted it into the settings.js file. Next I restart the node-red service with the command:

service nodered restart

Once Node-Red has started back up I attempt to access the web UI. I am prompted for credentials. I enter admin for username and the password used to generate the hash (in this case I just used password as the password). It takes a very long time but finally the UI says Login failed. Not sure where to go from here.
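A structural check for the hash pasted into settings.js, as an added example that is not part of the original posts or of Node-RED's own code: it confirms each adminAuth password is an intact 60-character bcrypt string and reports its cost factor, and it does not verify any password. The function names and the sample adminAuth object (with filler hashes) are constructed for illustration.

```javascript
// Added example: detects paste damage in bcrypt strings and reports the cost factor.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash> = 60 characters.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function inspectBcryptHash(value) {
  if (typeof value !== "string") {
    return { ok: false, reason: "not a string" };
  }
  if (value !== value.trim()) {
    return { ok: false, reason: "leading or trailing whitespace" };
  }
  if (value.length !== 60) {
    return { ok: false, reason: `length ${value.length}, expected 60` };
  }
  const m = BCRYPT_RE.exec(value);
  if (!m) {
    return { ok: false, reason: "not in $2x$NN$<53 chars> form" };
  }
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) {
    return { ok: false, reason: `cost ${cost} outside 4..31` };
  }
  // bcrypt repeats its expensive key setup 2^cost times, so each +1 doubles
  // the login time; this matters on a small embedded CPU.
  return { ok: true, version: m[1], cost, keySetupRounds: 2 ** cost };
}

// Takes an object shaped like the adminAuth block in settings.js.
function inspectAdminAuth(adminAuth) {
  const users = (adminAuth && adminAuth.users) || [];
  return users.map((u) => ({ username: u.username, ...inspectBcryptHash(u.password) }));
}

// Constructed input: syntactically valid filler, not hashes of any real password.
const sampleAdminAuth = {
  type: "credentials",
  users: [
    { username: "admin", password: "$2b$08$" + "x".repeat(53), permissions: "*" },
    { username: "truncated", password: "$2b$08$" + "x".repeat(40), permissions: "read" },
    { username: "plaintext", password: "password", permissions: "read" },
  ],
};

console.log(inspectAdminAuth(sampleAdminAuth));
```

A string that passes this check can still fail to log in; the check only rules out a damaged or plaintext value in settings.js.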

Welcome to the club.

I spent some time to look at the downloads here. There are binaries indeed but I doubt that these can be loaded into a VM easily. I also saw that there is a docker image but I think this is for developing stuff for the onion devices (cross-compiling etc.) and not the actual configuration running on the device itself, right?

If you could send a test device over to Switzerland we could look into this on a deeper level. But I doubt that we will be able to easily find out what causes the problem. Furthermore, even if the login works, bcrypt seems to be too much for this device. So, an external (trusted) server for authorization would be a proper solution, I guess.

I agree with your sentiment of bcrypt being too much for the Omega Onion 2S+. It's an embedded Linux processor meant for small scale applications. We are working on a new IoT Edge Computer which will be based on a Banana Pi M2+ which should have no issue at all with bcrypt. Perhaps it's reasonable to just say this is a limitation of the current gen IoT Edge Computer and say it's an upgrade on the next generation.

Alternatively, since I do not believe the use case of securing the Node Red Flow requires super high security, is there a way to do this without bcrypt? Just do a verification against the password in the flat file? To my knowledge securing the Node Red Flow Editor in this case is to simply keep people who don't know what they're doing from messing things up. These types of users are not going to have the bandwidth to actually go into the terminal, locate the settings file, and copy out the password for the UI. This would be a simple low security solution. Not sure if that's possible or not. bcrypt just seems like overkill for this particular use case and I doubt it's the only one.

Hi telliottosceola, sorry to interrupt this thread with something else, but I wanted to ask you if you could help me. I saw how you used the mbedtls library on esp32 (GitHub - telliottosceola/mbedtls_generate_pem_key_pair: This library was designed to run on ESP32 Arduino. I simply generates a key pair using mbedtls in pem format.)

I wanted to ask you if you could help me. I need to do PKCS1_OAEP decryption with the SHA256 hash algorithm. I found that I can use the mbedtls library on esp32, and this command "mbedtls_rsa_pkcs1_decrypt", but I don't know how to use the library. I know that you have some experience with it, so I wanted to ask you for help.
