Posted to dev@zookeeper.apache.org by Brian Nixon <br...@gmail.com> on 2018/08/01 03:31:31 UTC

Re: ZK ACL question

Hi William,

It's been a while since I've looked at this. You could double-check against
how the kazoo client is handling encoding ->
https://github.com/python-zk/kazoo/blob/master/kazoo/security.py#L61 .

Does this help?

-Brian


On Wed, Jul 18, 2018 at 7:36 AM, William Jardine <williamjardine94@gmail.com> wrote:

> Hey guys,
>
> I'm using ZooKeeper and am curious about how it stores its ACL identities
> created with the digest scheme, and am a bit confused by the website.
> Hoping you can help me.
>
> For example, if I do:
>
>    - addauth digest testuser1:password1
>    - setAcl /testnode auth:testuser1:password1:w
>
> This stores the following as the ACL identity for testnode:
> 'testuser1:AWB1i+VKSJP/aUdT1QXi+A4j32o=
>
> My question is, what is this hash? The website
> (https://zookeeper.apache.org/doc/r3.1.2/zookeeperProgrammers.html#sc_ZooKeeperAccessControl)
> talks about both MD5 and SHA1; I'm confused as to which it's using.
>
> I'm also a bit confused about which part it's hashing. I believe it's one
> of the following combinations:
>
>    - base64(sha1sum("username:password"))
>    - base64(sha1sum("password"))
>    - base64(md5sum("username:password"))
>    - base64(md5sum("password"))
>
> But I'm unable to replicate the hash given above. I want to verify my
> passwords are stored in ZK as securely as possible. Are you able to give me
> some more info on how this process works and what scheme it uses? Is it
> doing some salting as well? Any info would be much appreciated.
>
> Cheers,
> William
>
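
The encoding used by the kazoo code Brian links to, as an added example (not code from this thread, kazoo or ZooKeeper): the digest id is the username followed by base64 of the raw SHA-1 digest of "username:password", with no salt. The function and variant names below are assumptions made for illustration; the two extra variants model common command-line mistakes (hashing a trailing newline, base64-encoding the hex string) that yield a non-matching value.

```python
import base64
import hashlib
import hmac


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def digest_id(username: str, password: str) -> str:
    """Return 'username:base64(SHA1("username:password"))' from the raw digest."""
    cred = f"{username}:{password}".encode("utf-8")
    # 20 raw bytes; no salt and a single SHA-1 pass, so equal inputs give equal ids
    return f"{username}:{_b64(hashlib.sha1(cred).digest())}"


def variants(username: str, password: str) -> dict:
    """Candidate encodings: the raw-digest form plus two frequent mistakes."""
    cred = f"{username}:{password}".encode("utf-8")
    return {
        "raw-digest": _b64(hashlib.sha1(cred).digest()),
        # input hashed with a newline appended (e.g. echo without -n)
        "trailing-newline": _b64(hashlib.sha1(cred + b"\n").digest()),
        # base64 applied to the 40-char hex string instead of the 20 raw bytes
        "base64-of-hex": _b64(hashlib.sha1(cred).hexdigest().encode("ascii")),
    }


def classify(stored_id: str, username: str, password: str):
    """Name the variant that reproduces stored_id, or None if none does."""
    user, _, stored_hash = stored_id.partition(":")
    if user != username:
        return None
    for name, value in variants(username, password).items():
        if hmac.compare_digest(value.encode(), stored_hash.encode()):
            return name
    return None


if __name__ == "__main__":
    # Credentials and stored ACL id as quoted in the thread
    stored = "testuser1:AWB1i+VKSJP/aUdT1QXi+A4j32o="
    print(digest_id("testuser1", "password1"))
    print(classify(stored, "testuser1", "password1"))
```

Because the id is deterministic and unsalted, anyone who can read the ACL can test candidate passwords offline, so read access to ACLs and password strength both matter.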