Fossil Forum

Incorrect or outdated hash example in the password management doc

(1) By anonymous on 2021-10-18 12:25:11

The password management documentation gives this example of USER.PW before hashing:

CE59BB9F186226D80E49D1FA2DB29F935CCA0333/alice/asdfg

and asserts the SHA1 of this to be

f1b699cc9af3eeb98e5de244ca7802ae38e77bae

but this is incorrect. The correct SHA1 hash is

4770e21d1c11a3406ab86845dc5f751dff552f82

This was tested on multiple websites to be absolutely confident this hash is indeed correct.

I also tried assuming the forward slash to be indicative of separations in the concatenated string and not to be included in the calculation, but the resulting hash still doesn't match the documentation.

CE59BB9F186226D80E49D1FA2DB29F935CCA0333aliceasdfg

gives

69b3d6f513394b78bc1929ec6216a754431b68f1

(2) By Stephan Beal (stephan) on 2021-10-18 12:46:11 in reply to 1

> The correct SHA1 hash is

i've simply removed that value from the docs. Having it there adds nothing and apparently causes certain folks grief.

FWIW, another way to validate it is:

$ echo -n CE59BB9F186226D80E49D1FA2DB29F935CCA0333/alice/asdfg | fossil sha1 -
4770e21d1c11a3406ab86845dc5f751dff552f82  -

(That matches your result - no need to compare them ;)