PBKDF2-HMAC-SHA256
#1
I read a nice post about this format: Storing Password in an easy and secure way using Perl

Author wrote, the generated hash:
"The hash will look like this string: {X-PBKDF2}HMACSHA1:AAAD6A:SEvDOw==:1rmVDmR6OgwPEYV5CiwUeYnd+OE="

Can you explain, what the 2nd field (AAAD6A) is for?
Can iteration be determined from this format?

Thank you.
Reply
#2
it's written in the document you linked: https://perlmaven.com/storing-passwords-...secure-way -> https://metacpan.org/pod/Crypt::PBKDF2 -> "the number of iterations encoded with MIME::Base64"

Code:
$ echo AAAD6A== | base64 -d | xxd -p
000003e8

0x03e8 (hex) == 1000 (dec)



or just use a perl script:
Code:
perl -MMIME::Base64 -e 'print unpack ("L>", decode_base64 ("AAAD6A")) . "\n"'
1000
Reply
#3
Thank you.
Reply