Use sha256 for password file authentication

https://learninghub.kx.com/forums/topic/use-sha256-for-password-file-authentication

Currently I am using the -u flag on startup to authenticate users, where the password file contains the sha1 hash of their plain text passwords, the sha1 being generated using -33!.

Is it possible to switch out the sha1 for a sha256 algorithm instead, given that I have a loaded a sha256 function from a shared library?

I don’t believe sha256 is supported with -u/-U, however you could instead perhaps use .z.pw to carry out custom validation to the effect of:

1. Read your user:sha256 file in the callback when a connection attempt is made
2. Convert the plain text password from the user to sha256
3. Validate the user with 1b (success) or 0b (failure)

• https://code.kx.com/q/releases/ChangesIn2.4/#zpw
• https://code.kx.com/q/ref/dotz/#zpw-validate-user

Thanks David, yes I was thinking the same, using .z.pw to basically do what I imagine -u is doing 7nder the hood. I just didn’t want to be writing the logic for comparing the users plain text password. Currently with -u, it has the advantage that the logic which does that comparison is inaccessible, so it’s a bit more secure. But if there is no way to overwrite the -33! then defining a .z.pw is the only way to go.