Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the hash function used by MongoDB to hash the database user passwords?

In MongoDb use can add user to a database for access control. A user can be inserted with:

db.addUser({ user: "aaaa", pwd: "1234", roles: [...]})

and the inserted user is:

{
    "user" : "aaa",
    "pwd" : "08ccdf34dbb3ca05dcc195e30994b628",
    "roles" : [
        "userAdminAnyDatabase"
    ],
    "_id" : ObjectId("52a88b45965c4e7ad46bb97b")
}

What function does MongoDB use to compute/hash the pwd key?

like image 270
4 revs, 2 users 76% Avatar asked Dec 11 '13 15:12

4 revs, 2 users 76%


People also ask

What hashing algorithm does MongoDB?

cpp in the MongoDB sourcecode, the used hash function is indeed MD5.

Are hash functions used for passwords?

Password hashing is used to verify the integrity of your password, sent during login, against the stored hash so that your actual password never has to be stored. Not all cryptographic algorithms are suitable for the modern industry.

What is MongoDB hash value?

MongoDB hashed indexes truncate floating point numbers to 64-bit integers before hashing. For example, a hashed index would store the same value for a field that held a value of 2.3 , 2.2 , and 2.9 .


1 Answers

The pwd is the hex encoding of MD5( username + ":mongo:" + password_text ).

From the official documentation.

The result does not coincide with the hash you show in your json, but I think you replaced the actual username and password anyway as you add "aaaa" but retrieve "aaa".

like image 174
chk Avatar answered Oct 05 '22 21:10

chk