Time |
Nick |
Message |
05:00 |
pinesol_green |
News from qatests: Test Success <http://testing.evergreen-ils.org/~live> |
07:20 |
|
rjackson_isl joined #evergreen |
07:23 |
|
JBoyer joined #evergreen |
08:40 |
|
mmorgan joined #evergreen |
08:52 |
|
collum joined #evergreen |
08:56 |
|
bos20k joined #evergreen |
09:14 |
|
maryj joined #evergreen |
09:18 |
|
yboston joined #evergreen |
09:23 |
|
jvwoolf joined #evergreen |
10:02 |
|
mmorgan1 joined #evergreen |
10:06 |
jeff |
d |
10:06 |
jeff |
again, not tmux. |
10:45 |
|
mmorgan joined #evergreen |
10:45 |
|
agoben joined #evergreen |
10:50 |
|
kmlussier joined #evergreen |
11:05 |
|
remingtron joined #evergreen |
11:17 |
|
khuckins__ joined #evergreen |
12:02 |
|
Christineb joined #evergreen |
12:16 |
|
sandbergja joined #evergreen |
12:21 |
* kmlussier |
is posting comments as Evergreen Bug Maintenance again. :( |
12:27 |
|
jihpringle joined #evergreen |
12:33 |
miker |
_bott_: I just marked your bug as private and security related ... as it happens, it's a duplicate of one I entered last week that has patches already :) |
12:33 |
_bott_ |
patches would be very welcomed! |
12:35 |
miker |
I've attached you to the other bug. I'm going to mark yours as dup and put patches (instead of branch names in a repo you can't get to...) there so you can test 'em |
12:36 |
|
genpaku joined #evergreen |
12:37 |
|
jihpringle joined #evergreen |
12:41 |
|
jvwoolf joined #evergreen |
12:46 |
|
bos20k joined #evergreen |
13:38 |
|
mmorgan joined #evergreen |
13:55 |
|
dteston joined #evergreen |
13:57 |
dteston |
What is the new algorithm for password hashing? From what I understand of the DB functions, it's MD5(salt || MD5('Password123')), but I can't recreate my new password using the salt + my old password. |
14:00 |
tsbere |
dteston: have you checked the crypt function out? |
14:01 |
|
mmorgan1 joined #evergreen |
14:03 |
dteston |
tsbere: I see the function, but no description or way to call it |
14:03 |
tsbere |
dteston: It is part of the pgcrypto (I think) extension, not something Evergreen implements |
14:05 |
berick |
dteston: that's the right algo to get the password /before/ it's encrypted inside of PG. |
14:08 |
berick |
that then goes into crypt(hashed_password, salt) |
14:08 |
dteston |
berick: so it's crypt( MD5(salt || MD5('Password123'))) ? |
14:08 |
dteston |
Oh, okay gotcha. I'll try that now |
14:09 |
berick |
and new salts have to come from the actor.create_salt() db func |
14:15 |
berick |
specifically actor.create_salt('main') |
14:17 |
dteston |
berick: So existing salts are pulled from actor.passwd, but new salts are created from that function once per user? |
14:21 |
berick |
dteston: existing MD5 hashed passwords [ just MD5('password123') ] are pulled from actor.passwd. all passwords, migrated and new, get new salts from actor.create_salt() |
14:22 |
berick |
dteston: see also actor.migrate_passwd() db func |
14:22 |
_bott_ |
miker: patches in and brief testing yields positive results |
14:27 |
dteston |
berick: post-migration though, the only salt that's used to authenticate my password will be on actor.passwd, right? |
14:28 |
berick |
dteston: yes |
14:29 |
berick |
it's the only salt, but passwords going forward also do the 2 rounds of md5 hashing |
14:30 |
berick |
we couldn't get rid of the md5 bit without breaking backwards compat |
14:35 |
dteston |
berick: |
14:36 |
dteston |
** berick: trying it now |
14:52 |
dteston |
berick: the '||' is simply concatenation, right? As in 'dog || cat' == 'dogcat' |
15:06 |
berick |
dteston: yeah, but in your example: 'dog' || 'cat' |
15:06 |
* berick |
knows dteston knows that, but can't help himself |
15:07 |
dteston |
berick: no worries, it'll help clarify for anyone re-reading these IRC logs in the future |
15:09 |
dteston |
berick: I found out why I couldn't recreate the password: I needed single quotes around the pre-salted MD5 string to cancel out the special characters |
15:11 |
berick |
dteston: ah. shell script? |
15:11 |
berick |
or i guess perl |
15:11 |
dteston |
Yep: echo -n <string> | md5sum |
15:11 |
dteston |
Shell |
15:11 |
berick |
ah, cool, glad you found it |
15:11 |
dteston |
berick: thanks for your help |
15:11 |
dteston |
berick++ |
15:14 |
|
RBecker joined #evergreen |
15:19 |
|
gsams joined #evergreen |
15:25 |
|
gsams joined #evergreen |
15:27 |
|
dteston joined #evergreen |
16:04 |
|
mmorgan joined #evergreen |
17:00 |
pinesol_green |
News from qatests: Test Success <http://testing.evergreen-ils.org/~live> |
17:10 |
|
jvwoolf left #evergreen |
17:10 |
|
mmorgan left #evergreen |
17:23 |
Stompro |
mmorgan++ Thanks for the response to my list question! |
18:14 |
jeffdavis |
Weird. In the past few days we've started seeing "no connection to the server" errors on db requests on multiple non-production servers. |
18:14 |
jeffdavis |
It's as if EG stops being able to see the (shared) db server, but we don't see any actual network issues. |
19:25 |
|
kenstir joined #evergreen |
19:47 |
kenstir |
tell dbs Thanks very much for the supercat example |