Problem with decrypting hash in Base64

3

I was reading about an Apache rule for validating permissions on files/directories, and I saw that the default file that holds the user and password had the format:

user:password (with the password in base64).

I tried to decode the password through the Linux terminal, but an error message was returned:

~$ echo "zuQCCnEXtTamg" | base64 -d

~$ Invalid Input

And in Windows with certutil:

Retorno inválido de dados

I've searched and seen that this error is generated by the char-encoding type that the file was encoded (UTF-8, UTF-

The problem is that I do not know how it was encoded nor where (as Windows uses UTF-8 and Linux does not by default). Is there any way to find out how it was encoded and its encoding?

Hash: zuQCCnEXtTamg

    
asked by anonymous 27.04.2014 / 19:11

2 answers

2

This is not how .htpasswd works... What is stored is not the password encoded in base 64 but rather a password hash, and to my knowledge this is not necessarily encoded in base 64 (it can specify the algorithm, parameters, salt, each in its own format and everything separated by $).

If you're not familiar with hashes, see this related question. It is impossible (except by trial and error) to retrieve the original password from the hash, so trying to "decode" the text as base 64 does not work (regardless of the output encoding). To authenticate a user, Apache re-hashes the submitted password and compares its hash with the hash saved in the file.

Getting the original password from the hash is at best laborious, and at worst impossible [in practice]. Note that the hash used by Apache (% with% or% with%) is considered "weak" (see linked question), so newer systems (Apache 2.4+) should migrate to MD5. If this algorithm is used, in fact it is not feasible to try to recover the password from the hash.

Note: See this question in security.SE (in English) for reasons why it is important to use a "strong" hash in this situation, although at first glance it does not look like this.

    
28.04.2014 / 09:22
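An added example, not part of the original answers: a Python sketch that identifies the scheme of an .htpasswd password field from its shape, shows that the question's 13-character value is not valid base64, and authenticates against the unsalted {SHA} format by re-hashing rather than decoding. The prefixes are the ones Apache documents for htpasswd; the user names and sample lines are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import re

def classify(field: str) -> str:
    """Guess the scheme of an .htpasswd password field from its shape."""
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if re.match(r"\$2[aby]\$\d\d\$", field):
        return "bcrypt"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"
    # Traditional crypt(3): 2 salt chars + 11 hash chars from ./0-9A-Za-z.
    # Heuristic only: a 13-character plaintext has the same shape.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des-crypt"
    return "unknown"

def is_base64(text: str) -> bool:
    try:
        base64.b64decode(text, validate=True)  # strict alphabet and padding
        return True
    except binascii.Error:
        return False

def sha_field(password: str) -> str:
    """Build a {SHA} field: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def verify_sha(field: str, candidate: str) -> bool:
    """Authenticate by re-hashing the candidate; nothing is ever decoded."""
    return hmac.compare_digest(field.encode(), sha_field(candidate).encode())

def audit(lines):
    """Map each user in 'user:field' lines to the detected scheme."""
    result = {}
    for line in (raw.strip() for raw in lines):
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":", 1)
        result[user] = classify(field)
    return result

# Constructed sample file; only the first hash value comes from the question.
SAMPLE = ["alice:zuQCCnEXtTamg", "bob:" + sha_field("constructed-pw"), "# note"]
```

Calling `audit(SAMPLE)` reports the question's value as the 13-character crypt shape, and `is_base64("zuQCCnEXtTamg")` is false because 13 characters cannot form complete base64 groups.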
0

On macOS it decoded to "q? 6?", but I used --decode:

echo zuQCCnEXtTamg | base64 --decode
??
q?6?Paulo:~ paulo$ 

On this site link the result was "q6"

    
28.04.2014 / 10:08