AdguardTeam
Some B-Crypt hashes are not accepted, need easier PW-change method
Raspberry Pi 4 - Bullseye 64bit - latest AGH edge release
Issue Details
- AGH does not accept some B-Crypt hashes created by Apache HTPassWd 2.4.52 command line utility for Windows for strong passwords (24-30 characters, all symbols, including Latin-1 supplement). AGH simply says that password is incorrect for some hashes.
- It is still very inconvinient to change AGH password. It requires too many steps:
- Generating B-Crypt hash (using some website or HTPassWd)
- Accessing SSH
- Navigating to AGH directory, stopping AGH service
- Editing AdGuardHome.yaml with new B-Crypt hash
- Re-starting AGH
- Attempting to login with new password
Expected Behavior
- Unknown. Character complexity worsens chances of functional hash. Number of rounds (C parameter) doesn't seem to affect chances of generating functional hash. It is unknown whether online B-Crypt hash generators are affected, but hashes generated by Apache HTPassWd definitely are.
- Still waiting on that feature. Changing passwords should be done within GUI, just like on common home routers.
P.S. Also consider random self-signed certificate & key pair generator for securing local access connections upon initial AGH installation.
The second point is #1321. Please, do not put multiple issues into one form.
The first one needs investigation. Can you provide an example of a password that causes issues? It is important to note that AdGuard Home uses UTF-8 internally, so if your passwords with Latin-1 aren't UTF-8, there may naturally be issues.
Plaintext: ¦á¶h`@J¥ãEü3]j(ùÑøÿUX±ÖjË;ú©Ö~ém Hash (12 rounds): $2y$12$gD3uZqzApeVgur1bcYepJe7wS7xftkhlBClYkziKtXDw/D5XO.OCq
Hash matches text when verified via https://bcrypt.online/ , but that hash does not work with that password in AGH.
@7ArxS2PrqAUF9Gom, I've just added that hash to my AdGuardHome.yaml and successfully logged in. I still feel like it could be an encoding error.