Password hashing for local servers



  • I'm running a local web server on my Raspberry Pi and want to have a login screen. My plan is to hash the password and store the result in a text file (this is where I'm storing settings for the result of the application).

    Is this the best way to go about it? I'm aware that if an attacker is able to find the hash then they can just make a request to the local server and get authorised that way, so is there any point to the password at all?

    The Pi will be turned into a Wireless Access Point through which a user would access the local server.



  • Depending on the application you are using, you could enable libpam access and use the password stored in /etc/shadow for authorization, for example.

    If this isn't possible or is too complex, you could salt and hash the password using Bcrypt and save both the salt and hash in the text file. Even if an attacker finds the file, he will not be able to log in unless he can alter the file and add his own password to it.
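
The salt-and-hash approach from the answer above, as an added example that is not part of either post: it uses scrypt from Python's standard library in place of bcrypt (which needs a third-party package), and the record format, function names, file name and cost parameters are assumptions. It also shows that sending the stored file contents as the password does not authenticate, because the server hashes whatever it receives.

```python
import base64, hashlib, hmac, os, secrets, tempfile

# scrypt cost parameters (assumed values; tune for the Pi's CPU and RAM)
N, R, P = 2**14, 8, 1

def _derive(password, salt, n=N, r=R, p=P):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)

def make_record(password):
    """Return one text line: scrypt$n$r$p$salt$hash (salt and hash in base64)."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${N}${R}${P}${enc(salt)}${enc(_derive(password, salt))}"

def verify(password, record):
    """Re-hash the submitted password with the stored salt, then compare."""
    try:
        scheme, n, r, p, salt_b64, hash_b64 = record.strip().split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        candidate = _derive(password, salt, int(n), int(r), int(p))
    except (ValueError, TypeError, OverflowError):  # malformed record: reject
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time compare

def save_record(path, record):
    """Create the file with mode 0600 so other local users cannot read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(record + "\n")

def demo():
    path = os.path.join(tempfile.mkdtemp(), "login.txt")  # constructed path
    save_record(path, make_record("correct horse"))  # constructed password
    with open(path) as fh:
        stored = fh.read()
    return {
        "right_password": verify("correct horse", stored),
        "wrong_password": verify("guess", stored),
        # the file contents sent as the password are hashed again, so no match
        "file_contents_as_password": verify(stored.strip(), stored),
    }

if __name__ == "__main__":
    print(demo())
```

The file should be writable only by the account the web server runs as, since the remaining way in described in the answer is altering the file.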


