FileZilla Forums

Welcome to the official discussion forums for FileZilla
https://forum.filezilla-project.org/

password hash in xml config

https://forum.filezilla-project.org/viewtopic.php?f=6&t=53453

Page 1 of 1

password hash in xml config

Posted: 2020-11-19 13:06
by menace
Hello,

I´m using FileZilla Server 0.9.60 beta on server 2019.

At the moment I try to edit the FileZilla Server.xml with python to add new user accounts.
Problems here is the user password. As far as I know is the password in the xml sha512 hashed with salt.
In the xml file I have:

Code: Select all

<Option Name="Pass">89750A1828302B7AAAACAC8D4192910FECB4A2ECAAD11341827872CDBAE9FC2C2CE7E3CC11D2EBD9511C80FD140C64807A25BD8FD73DFB7E1E1E0CCCDD9F7AE2</Option>
<Option Name="Salt">&apos;|kOdH6u@z5u3wH7l_.%@|Hri$^7O\`I]t0S`co-/1;]Ou.c8$&lt;rTEHRI)F}~b_!</Option>

my python code looks like:

Code: Select all

import hashlib
user_entered_password = 'As1234567'
salt = "&apos;|kOdH6u@z5u3wH7l_.%@|Hri$^7O\`I]t0S`co-/1;]Ou.c8$&lt;rTEHRI)F}~b_!"
db_password = user_entered_password+salt
h = hashlib.sha512(db_password.encode())
print(h.hexdigest())
which calculates this hash d1edf4d84d98b8c14a51d35c6097032356a2af3803004674856086189554838caeaf2cb88ed5b35c1aeeea57d048c9ac46fc3988a8bc552ee7428480196b5f9e

Any hints for me, why th python hash differs from the gui generated hash in the xml file?


thank you

Re: password hash in xml config

Posted: 2020-11-19 15:34
by botg
Ponder the difference between a textual representation of an XML file and the data it actually contains.

Re: password hash in xml config

Posted: 2020-11-19 17:56
by boco
Feeling a bit of a déjà vu - didn't we have this subject discussed before?

Edit: Of course, viewtopic.php?f=6&t=39934

Re: password hash in xml config

Posted: 2020-11-20 14:28
by botg
Yes, there I looked up my previous reply ;)

Re: password hash in xml config

Posted: 2020-11-23 08:02
by menace
boco wrote:
2020-11-19 17:56
 Feeling a bit of a déjà vu - didn't we have this subject discussed before?

Edit: Of course, viewtopic.php?f=6&t=39934
Thx for the hint to this thread.
Sadly I don´t find any hints or similar for the resolution of thr problem.

In This thread viewtopic.php?f=6&t=53261 @boco mentioned, that the old MD5 hash for the password is still working, which seems to be right.
I could modify the xml file with the MD5 hash of the passwords and the login still is successfully
So in my case I think I will preferre this solution, instead of the salted sha512 one.

Re: password hash in xml config

Posted: 2020-11-24 10:22
by botg
Don't use MD5.

Let me ask you in a different way: How are you reading and writing the file?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited