Password hash
Closed this issue · 1 comments
croghostrider commented
Hi sanau,
amazing work!!!
do you know which hash algorithm Loxone use for saving the passwords?
thanks
regards
sarnau commented
Yes, I do.
In older versions (9 and earlier?) it was just obfuscated. Loxone now uses a one-way hash with a salt. That said, they still use an RC6 obfuscation to protect entries being copied from one user to the next, instead of hashing that information as well.
Not sure why you are interested in this, because you can reset passwords with no problem. Finding out a giving password based on the config file requires breaking SHA1, which pretty much is a brute force attack on the config file. Possible, if you know the algorithm, but not practical.