password hash in xml config

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
menace
500 Command not understood
Posts: 2
Joined: 2020-11-19 12:54
First name: hans
Last name: wurscht

password hash in xml config

#1 Post by menace » 2020-11-19 13:06

Hello,

I´m using FileZilla Server 0.9.60 beta on server 2019.

At the moment I try to edit the FileZilla Server.xml with python to add new user accounts.
Problems here is the user password. As far as I know is the password in the xml sha512 hashed with salt.
In the xml file I have:

Code: Select all

<Option Name="Pass">89750A1828302B7AAAACAC8D4192910FECB4A2ECAAD11341827872CDBAE9FC2C2CE7E3CC11D2EBD9511C80FD140C64807A25BD8FD73DFB7E1E1E0CCCDD9F7AE2</Option>
<Option Name="Salt">&apos;|kOdH6u@z5u3wH7l_.%@|Hri$^7O\`I]t0S`co-/1;]Ou.c8$&lt;rTEHRI)F}~b_!</Option>

my python code looks like:

Code: Select all

import hashlib
user_entered_password = 'As1234567'
salt = "&apos;|kOdH6u@z5u3wH7l_.%@|Hri$^7O\`I]t0S`co-/1;]Ou.c8$&lt;rTEHRI)F}~b_!"
db_password = user_entered_password+salt
h = hashlib.sha512(db_password.encode())
print(h.hexdigest())
which calculates this hash d1edf4d84d98b8c14a51d35c6097032356a2af3803004674856086189554838caeaf2cb88ed5b35c1aeeea57d048c9ac46fc3988a8bc552ee7428480196b5f9e

Any hints for me, why th python hash differs from the gui generated hash in the xml file?


thank you

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: password hash in xml config

#2 Post by botg » 2020-11-19 15:34

Ponder the difference between a textual representation of an XML file and the data it actually contains.

User avatar
boco
Contributor
Posts: 25334
Joined: 2006-05-01 03:28
Location: Germany

Re: password hash in xml config

#3 Post by boco » 2020-11-19 17:56

Feeling a bit of a déjà vu - didn't we have this subject discussed before?

Edit: Of course, viewtopic.php?f=6&t=39934
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: password hash in xml config

#4 Post by botg » 2020-11-20 14:28

Yes, there I looked up my previous reply ;)

menace
500 Command not understood
Posts: 2
Joined: 2020-11-19 12:54
First name: hans
Last name: wurscht

Re: password hash in xml config

#5 Post by menace » 2020-11-23 08:02

boco wrote:
2020-11-19 17:56
Feeling a bit of a déjà vu - didn't we have this subject discussed before?

Edit: Of course, viewtopic.php?f=6&t=39934
Thx for the hint to this thread.
Sadly I don´t find any hints or similar for the resolution of thr problem.

In This thread viewtopic.php?f=6&t=53261 @boco mentioned, that the old MD5 hash for the password is still working, which seems to be right.
I could modify the xml file with the MD5 hash of the passwords and the login still is successfully
So in my case I think I will preferre this solution, instead of the salted sha512 one.

User avatar
botg
Site Admin
Posts: 33242
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: password hash in xml config

#6 Post by botg » 2020-11-24 10:22

Don't use MD5.

Let me ask you in a different way: How are you reading and writing the file?

Post Reply