Password hashing for local servers
Laycee last edited by
I'm running a local web server on my Raspberry Pi and want to have a login screen. My plan is to hash the password and store the result in a text file (this is where I'm storing settings for the result of the application).
Is this the best way to go about it? I'm aware that if an attacker is able to find the hash then they can just make a request to the local server and get authorised that way so is there any point to the password at all?
The Pi will be turned into a Wireless Access Point through which a user would access the local server.
Depending on the application you are using, you could enable libpam access and use the password stored in /etc/shadow for authorization, for example.
If this isn't possible or is too complex, you could salt and hash the password using Bcrypt, and save both the salt and hash in the text file. Even if an attacker finds the file, he will not be able to log in unless he can alter the file and add his own password to it.
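The salted-hash approach from the answer above, as an added example that is not part of the original thread. It uses scrypt from Python's standard library in place of bcrypt (bcrypt needs a third-party package); the record format, file name, cost parameters and function names are assumptions made for this sketch. Because the server hashes whatever is submitted, sending the stored hash itself as the password does not authenticate.

```python
import base64
import hashlib
import hmac
import os
import tempfile

# Assumed scrypt cost parameters for this example (about 16 MiB of memory per hash).
N, R, P, DKLEN = 2**14, 8, 1, 32

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)

def make_record(password: str) -> str:
    """Return 'scrypt$<salt>$<hash>' with a fresh random salt (assumed format)."""
    salt = os.urandom(16)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return "scrypt${}${}".format(enc(salt), enc(_derive(password, salt)))

def verify(password: str, record: str) -> bool:
    """Re-derive the hash from the submitted password and compare in constant time."""
    try:
        scheme, salt_b64, hash_b64 = record.strip().split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # malformed or tampered record
        return False
    if scheme != "scrypt":
        return False
    return hmac.compare_digest(_derive(password, salt), expected)

def save_record(path: str, record: str) -> None:
    # Create the file readable and writable by the server's user only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(record + "\n")

def load_record(path: str) -> str:
    with open(path) as f:
        return f.read()

def demo():
    path = os.path.join(tempfile.mkdtemp(), "settings.txt")  # constructed path
    save_record(path, make_record("correct horse"))          # constructed password
    record = load_record(path)
    # right password, wrong password, and the stored record replayed as the password
    return verify("correct horse", record), verify("wrong", record), verify(record, record)

if __name__ == "__main__":
    print(demo())
```
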