Error: "System.ArgumentException: Invalid salt revision at BCrypt.HashPassword(String password, String salt) at BCrypt.CheckPassword(String plaintext, String hashed) at BCryptPwdChk.Main(String args)
This error occurs when TPAM does not support the encyption hash that the user is using on the target system.
If the target is using blowfish encryption (id of $2a,$2x,$2y)
In /etc/shadow file: the following are seen for the problematic users.
The following hotfix adds support for these hashes in 2.3.761 - 2.4.804.
2.5.x supports theses hashes, no hotfix is required.
Issue fixed by Hotfix_3997.zip
Valid for 2.3.761 - 2.4.804
Updates support for Blowfish hashes. Now supports $2a,$2x,$2y hashes.
If salt is a character string starting with the characters "$id$" followed by a string terminated by "$": $id$salt$encrypted
then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported:
ID | Method
1 | MD5
2a | Blowfish, system-specific on 8-bit chars
2y | Blowfish, correct handling of 8-bit chars
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.
"salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the
password string is the actual computed password. The size of this string is fixed:
MD5 | 22 characters
SHA-256 | 43 characters
SHA-512 | 86 characters