Server.properties - securing password

Blynk Servers Local Blynk Server
1

Hi Blynkers,

I’m just rebuilding my local server and wondered how to secure my my admin password, rather than storing in plain text. Is this even required?

admin.email=admin@blynk.cc
admin.pass=admin

If I created a password hash, would it just replace the “admin” password?
I think it depends on what Blynk can use to compute the password hash in the first place.

Anyway, any advice would be appreciated… :slight_smile:

2

If you replace your password with the hash… well, your password would be the hash, like $1$O3JMY.Tw$AdkqLjQ/5jXF9.MTp3gHv/ :grin:

As far as I know, you’re stuck with a plain text pw! But as long as you are the sole user of your server I don’t think you’ll have anything to worry about.

3

Hey @distans

I guess if it’s stored as plain text that’s likely true, never thought of that.

When creating a new user on the local server, and entering a simple password, there seems to be some mechanism to create a hash from that. For example see the below user “test” I created, with the password “test” (some data obscured/changed just in case):

{"name":"test@gmail.com","email":"test@gmail.com","appName":"Blynk","region":"local","ip":"10.77.59.2","pass":"RxrQajkwl603k4qd1rDaPAFJN72DNeIk8a7nqGI4fbQ=","lastModifiedTs":1613297531044,"lastLoggedIP":"192.168.1.215","lastLoggedAt":1613297487696,"profile":{"dashBoards":[{"id":1464762962,"parentId":-1,"isPreview":false,"name":"Test projrct","createdAt":1613297531009,"updatedAt":0,"devices":[{"id":0,"name":"Test projrct","boardType":"ESP8266","token":"QZi3yL9X--PaJ6fyyPoQa7hv5SSZQddr","vendor":"Test projrct","connectionType":"WI_FI","status":"OFFLINE","disconnectTime":0,"connectTime":0,"firstConnectTime":0,"dataReceivedAt":0,"isUserIcon":false}],"theme":"Blynk","keepScreenOn":false,"isAppConnectedOn":false,"isNotificationsOff":false,"isShared":false,"isActive":false,"widgetBackgroundOn":false,"color":-1,"isDefaultColor":true}]},"isFacebookUser":false,"isSuperAdmin":false,"energy":1000000,"id":"test@gmail.com-Blynk"}

The password is hashed to "pass":"RxrQajkwl603k4qd1rDaPAFJN72DNeIk8a7nqGI4fbQ="
(also obscured)

What I have done in the meantime is delete the admin@blynk.cc/admin credentials from the server.properties, and create an admin account via the app, which gives a hashed password.

Seems to be further info here, I’ll look into it…

4

On a general note, encryption is way… way… WAY out of my comfort zone!! :smiley:
I’ve mentioned it before: At the moment, I don’t have any “live” Blynk projects (or servers), so I can’t troubleshoot/replicate any problems/errors locally! I’m just trying to add some insight whenever possible. :slight_smile:

Buuuuuuuut (you really have to emphasize the “u”) securing a local server has always been of interest! I’ve posted some of my implementations of iptables that no-one really looked at some years ago! :wink:

Perhaps a language barrier… Me being within the EU and all that, and you’re not! :joy: With “obscured” you mean “truncated”!? A SHA256 hash should be 64 chars if I’m not mistaken!

If you find anything, let me know!!

5

So… this only applies the very first time you login, its basically for building your first user.
After you login, just change the password. As long as the username exists, it will not overwrite the password on reboot.

6

:joy: I would say obscured and truncated in this case!
It’s all interesting to me too, but also a little outside my comfort zone…

That actually makes perfect sense, I think a lot of people might just leave the admin account and add a user account, myself included. I’ll check it out, thanks :+1: