Internal Authentication Password Encoding

I am looking into transferring our internal user source to an external database one to allow for easier maintainability from outside the Gateway's GUI. I would love to keep the same encoding rules Ignition leverages in their built-in user source so we would not require password changes. Does anyone have information regarding the seeds/encoding strategy that is used? I found this topic, and after doing some tests, it doesn't seem to be true.

Have you looked at the internal DB table that holds these passwords yet?

Are they in a format that looks something like [01234567]abcdefg?

Yes, I started by looking in the idb via Kindling. That is the format.

Ok, done by a function equivalent to this:

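    import java.util.Random;

    public static String sha256PasswordSalt(String password) {
        Random rand = new Random();
        // Salt: a random 32-bit int rendered as 8 uppercase hex characters
        String salt = String.format("%08X", rand.nextInt());
        // Hex-encoded SHA-256 of the password with the salt appended
        String hashedPass = SecurityUtils.sha256(password + salt);
        // Stored form: [salt]hash
        return String.format("[%s]%s", salt, hashedPass);
    }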

edit: hang on, gotta see if the sha256 function does anything unexpected...
edit2: nope, just does sha256 on the input and returns the hex-formatted string you see in the table.


The other DB sources don't have the same expectations, though, so I'm not sure how smooth a transition this will be...


Thanks Kevin. Definitely enough for me to be dangerous now :sweat_smile:

Working Python function for others that achieves the same thing

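    import random
    import hashlib

    def sha256PasswordSalt(password):
        rand = random.Random()
        # Salt: a random 32-bit value rendered as 8 uppercase hex characters
        salt = "{:08X}".format(rand.randint(0, 0xFFFFFFFF))
        # Hex-encoded SHA-256 of the password with the salt appended
        hashedPass = hashlib.sha256((password + salt).encode('utf-8')).hexdigest()
        # Stored form: [salt]hash
        return "[{}]{}".format(salt, hashedPass)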
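
Added example, not part of the thread's posts and not Ignition's code: the verification side an external user source would need in order to keep the existing `[salt]hash` rows, with strict parsing of the stored value and a constant-time comparison. The names `parse_stored` and `verify_password`, the UTF-8 encoding, and the sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Stored format described in the thread: "[SALT]HEXDIGEST", where SALT is
# 8 uppercase hex characters and HEXDIGEST is sha256(password + salt) in hex.
# Assumption: the digest may appear in either hex case, so both are accepted.
STORED_RE = re.compile(r"^\[([0-9A-F]{8})\]([0-9a-fA-F]{64})$")


def parse_stored(stored):
    """Split a stored value into (salt, digest); raise ValueError if malformed."""
    m = STORED_RE.match(stored.strip())
    if m is None:
        raise ValueError("not in [salt]sha256-hex format")
    return m.group(1), m.group(2).lower()


def verify_password(candidate, stored):
    """Return True if candidate hashes to the stored value.

    A malformed row is treated as a failed login rather than an exception.
    """
    try:
        salt, expected = parse_stored(stored)
    except ValueError:
        return False
    # Assumption: the password is UTF-8 encoded before hashing.
    actual = hashlib.sha256((candidate + salt).encode("utf-8")).hexdigest()
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(actual, expected)


# Constructed sample row (not taken from a real gateway).
_SAMPLE_SALT = "0A1B2C3D"
SAMPLE_ROW = "[{}]{}".format(
    _SAMPLE_SALT,
    hashlib.sha256(("hunter2" + _SAMPLE_SALT).encode("utf-8")).hexdigest(),
)

if __name__ == "__main__":
    print(verify_password("hunter2", SAMPLE_ROW))
    print(verify_password("wrong", SAMPLE_ROW))
    print(verify_password("hunter2", "plaintext-row"))
```

Because each row carries its own salt, a migration can copy the stored strings unchanged and verify logins this way, then re-hash with a stronger scheme on the next successful login if desired.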