How to generate password_hash for RabbitMQ Management HTTP API
For lazy people (like me ;) ), here is the code for computing the RabbitMQ password with SHA512 on .NET Core.
using System;
using System.Security.Cryptography;
using System.Text;

public static class RabbitMqPasswordHelper
{
    // Returns base64(salt + SHA512(salt + UTF-8 password)) with a random 32-bit salt.
    public static string EncodePassword(string password)
    {
        using (RandomNumberGenerator rand = RandomNumberGenerator.Create())
        using (var sha512 = SHA512.Create())
        {
            byte[] salt = new byte[4];
            rand.GetBytes(salt);

            byte[] saltedPassword = MergeByteArray(salt, Encoding.UTF8.GetBytes(password));
            byte[] saltedPasswordHash = sha512.ComputeHash(saltedPassword);

            return Convert.ToBase64String(MergeByteArray(salt, saltedPasswordHash));
        }
    }

    // Concatenates two byte arrays into a new one.
    private static byte[] MergeByteArray(byte[] array1, byte[] array2)
    {
        byte[] merge = new byte[array1.Length + array2.Length];
        array1.CopyTo(merge, 0);
        array2.CopyTo(merge, array1.Length);
        return merge;
    }
}
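And for fun, the bash version!
#!/bin/bash

# Prints base64(salt + SHA256(salt + password)) with a random 32-bit salt.
function encode_password()
{
    local SALT PASS
    # 4 random bytes as 8 hex characters
    SALT=$(od -A n -t x -N 4 /dev/urandom | tr -d ' \n')
    # hex(salt) followed by hex(password); quoting keeps spaces in the password intact
    PASS=$SALT$(printf '%s' "$1" | xxd -ps | tr -d ' \n')
    # sha256sum prints 64 hex characters followed by the input name; keep only the digest
    PASS=$(printf '%s' "$PASS" | xxd -r -p | sha256sum | head -c 64)
    PASS=$(printf '%s' "$SALT$PASS" | xxd -r -p | base64 | tr -d '\n')
    echo "$PASS"
}

encode_password "some-password"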
Here is a small python script I stumbled across some time ago (attribution is in the script) that is great for quick hash generation. It doesn't do any error checking, so is quite simple:
#!/usr/bin/env python3
# rabbitMQ password hashing algo as laid out in:
# http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-May/012765.html
from __future__ import print_function
import base64
import os
import hashlib
import struct
import sys
# This is the password we wish to encode
password = sys.argv[1]
# 1.Generate a random 32 bit salt:
# This will generate 32 bits of random data:
salt = os.urandom(4)
# 2.Concatenate that with the UTF-8 representation of the plaintext password
tmp0 = salt + password.encode('utf-8')
# 3. Take the SHA256 hash and get the bytes back
tmp1 = hashlib.sha256(tmp0).digest()
# 4. Concatenate the salt again:
salted_hash = salt + tmp1
# 5. convert to base64 encoding:
pass_hash = base64.b64encode(salted_hash)
print(pass_hash.decode("utf-8"))
From: http://rabbitmq.1065348.n5.nabble.com/Password-Hashing-td276.html
However, the algorithm is quite simple if you want to implement it yourself. Here's a worked example:
Generate a random 32 bit salt:
CA D5 08 9B
Concatenate that with the UTF-8 representation of the password (in this case "simon"):
CA D5 08 9B 73 69 6D 6F 6E
Take the MD5 hash:
CB 37 02 72 AC 5D 08 E9 B6 99 4A 17 2B 5F 57 12
Concatenate the salt again:
CA D5 08 9B CB 37 02 72 AC 5D 08 E9 B6 99 4A 17 2B 5F 57 12
And convert to base64 encoding:
ytUIm8s3AnKsXQjptplKFytfVxI=
You should be able to modify your code to follow this process.
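Added example (not part of any answer above and not RabbitMQ's own code): a Python checker that splits a `password_hash` into salt and digest, infers the hash function from the digest length, and verifies a candidate password against it. The `rabbit_password_hashing_*` strings are the values the HTTP API recognises in its `hashing_algorithm` field; the function names and the "some-password" sample are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 4  # the 32-bit salt used by every snippet on this page

# Digest length -> (hashlib name, value for the API's "hashing_algorithm" field).
ALGOS = {
    16: ("md5", "rabbit_password_hashing_md5"),
    32: ("sha256", "rabbit_password_hashing_sha256"),
    64: ("sha512", "rabbit_password_hashing_sha512"),
}


def encode_password(password, algo="sha256", salt=None):
    """Return base64(salt + H(salt + UTF-8 password))."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 4 bytes")
    digest = hashlib.new(algo, salt + password.encode("utf-8")).digest()
    return base64.b64encode(salt + digest).decode("ascii")


def split_hash(password_hash):
    """Split a password_hash into (salt, digest, hashlib name, API algorithm name)."""
    raw = base64.b64decode(password_hash, validate=True)
    salt, digest = raw[:SALT_LEN], raw[SALT_LEN:]
    if len(digest) not in ALGOS:
        raise ValueError("unexpected digest length: %d" % len(digest))
    return (salt, digest) + ALGOS[len(digest)]


def verify_password(password_hash, candidate):
    """Recompute the digest with the embedded salt; compare in constant time."""
    salt, digest, algo, _ = split_hash(password_hash)
    recomputed = hashlib.new(algo, salt + candidate.encode("utf-8")).digest()
    return hmac.compare_digest(recomputed, digest)


if __name__ == "__main__":
    # Worked example from this page: salt CA D5 08 9B, password "simon", MD5.
    page_hash = "ytUIm8s3AnKsXQjptplKFytfVxI="
    salt, _, algo, api_name = split_hash(page_hash)
    print(salt.hex(), algo, api_name, verify_password(page_hash, "simon"))
    # Constructed sample: a fresh SHA-512 hash, the form the .NET snippet produces.
    fresh = encode_password("some-password", "sha512")
    print(split_hash(fresh)[3], verify_password(fresh, "some-password"))
```

A hash built with a non-default function, such as the SHA-512 output of the .NET code above, has to be sent to the API together with the matching `hashing_algorithm` value. The same length check is a quick way to spot MD5-era hashes in an exported definitions file.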