Jenkins access control is divided into two parts: the security realm (i.e. authentication) and the authorization strategy. The security realm can take three forms: Jenkins' own (proprietary) user database, LDAP, or delegation to the servlet container.
Data for Jenkins proprietary users lives under <JENKINS_HOME>/users/. Each user's information is stored in a config.xml file: <JENKINS_HOME>/users/<user>/config.xml
In that config.xml, the passwordHash node holds the value obtained by hashing the user's password.
So what kind of encryption is this, and can the ciphertext be decrypted back to plaintext?
Looking at the source on GitHub and searching for the keyword #jbcrypt leads to the file HudsonPrivateSecurityRealm.java, whose full path is jenkins/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
Analysis of the source shows: 1. the format of the stored ciphertext is salt:encpass, where the #jbcrypt header marks the salt portion; 2. the plaintext is run through the jbcrypt algorithm to obtain the ciphertext encpass.
About jBCrypt: jBCrypt is the Java implementation of the bcrypt password-hashing tool. Its API is very simple; the demo is as follows, and in HudsonPrivateSecurityRealm.java the hashing and verification use exactly this API:
// Hash a password for the first time
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());
// gensalt's log_rounds parameter determines the complexity;
// the work factor is 2**log_rounds, and the default is 10
String hashedStronger = BCrypt.hashpw(password, BCrypt.gensalt(12));
// Check that an unencrypted password matches one that has previously been hashed
if (BCrypt.checkpw(candidate, hashed))
    System.out.println("It matches");
else
    System.out.println("It does not match");
Testing confirms that because the salt generally differs each time, hashing the same plaintext with jBCrypt generally produces different ciphertext.
About bcrypt: 1. bcrypt is an irreversible algorithm; the plaintext cannot be recovered from the ciphertext. 2. bcrypt differs from symmetric or asymmetric encryption: verification neither decrypts the ciphertext to obtain the plaintext nor encrypts a second time and compares ciphertexts in isolation; instead the candidate plaintext and the stored ciphertext go through one operation together to produce another ciphertext, and if the two ciphertexts are identical the verification succeeds.
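As an added example (not Jenkins or jBCrypt code), the following Python script reads the passwordHash node from a user config.xml, strips the #jbcrypt header described above, and parses the bcrypt fields that remain: the version tag, the two-digit log_rounds cost, the 22-character salt and the 31-character hash. It reports the work factor and flags entries that are not in jBCrypt format or whose cost is below the jBCrypt default of 10. The sample config.xml and its hash value are constructed for the example; the element nesting around passwordHash is assumed, so the parser searches for the node by name rather than by path. Actually checking a candidate password against a hash needs a bcrypt implementation (such as the PyPI bcrypt package), which this script deliberately does not attempt.

```python
"""Audit Jenkins proprietary-user-database password hashes (added example)."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

JBCRYPT_HEADER = "#jbcrypt:"
# Modular-crypt bcrypt layout: $2a$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(
    r"^\$2[abxy]\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
MIN_LOG_ROUNDS = 10  # jBCrypt's default log_rounds; anything lower is flagged

# Constructed sample of <JENKINS_HOME>/users/<user>/config.xml.
# The hash value is made up for the example and is not a real digest.
SAMPLE_CONFIG_XML = """<user>
  <fullName>alice</fullName>
  <properties>
    <hudson.security.HudsonPrivateSecurityRealm_-Details>
      <passwordHash>#jbcrypt:$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZabcde</passwordHash>
    </hudson.security.HudsonPrivateSecurityRealm_-Details>
  </properties>
</user>
"""


@dataclass
class HashInfo:
    stored: str                 # raw passwordHash text
    header_ok: bool             # starts with the #jbcrypt: header
    log_rounds: Optional[int]   # bcrypt cost, None if the body is not bcrypt
    salt: Optional[str]         # 22-character salt embedded in the hash
    weak: bool                  # wrong format or cost below MIN_LOG_ROUNDS

    @property
    def iterations(self) -> Optional[int]:
        """Key-setup work factor: 2**log_rounds, as in the jBCrypt demo."""
        return None if self.log_rounds is None else 2 ** self.log_rounds


def parse_password_hash(stored: str) -> HashInfo:
    """Split a Jenkins passwordHash into its #jbcrypt header and bcrypt fields."""
    stored = stored.strip()
    if not stored.startswith(JBCRYPT_HEADER):
        # No header means this is not a jBCrypt hash at all: flag it.
        return HashInfo(stored, False, None, None, True)
    match = BCRYPT_RE.match(stored[len(JBCRYPT_HEADER):])
    if match is None:
        # Header present but the body is not a well-formed bcrypt string.
        return HashInfo(stored, True, None, None, True)
    rounds = int(match.group(1))
    return HashInfo(stored, True, rounds, match.group(2), rounds < MIN_LOG_ROUNDS)


def audit_config_xml(xml_text: str) -> List[HashInfo]:
    """Return one HashInfo per passwordHash node found in a user config.xml."""
    root = ET.fromstring(xml_text)
    return [parse_password_hash(node.text or "") for node in root.iter("passwordHash")]


if __name__ == "__main__":
    for info in audit_config_xml(SAMPLE_CONFIG_XML):
        status = "WEAK" if info.weak else "ok"
        print(f"{status}: log_rounds={info.log_rounds} "
              f"iterations={info.iterations} salt={info.salt}")
```

Run over every <JENKINS_HOME>/users/*/config.xml, the same functions give a quick inventory of which accounts carry a jBCrypt hash and at what cost; the salt field is printed only to make visible that each stored value carries its own salt, which is why identical passwords hash to different strings.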
In conclusion, the Jenkins proprietary user database hashes passwords with jBCrypt; jBCrypt hashing is irreversible, and the results for the same plaintext are generally different.
A brief analysis on the encryption algorithm of Jenkins proprietary user database