I’ve also come across “tiny” (hash) differences that are not compatible between different OS implementations. In this case it’s base-64 for windows, in my case it’s SHA-256 for Huawei switches.
I’ve been contemplating if it would not be wise to allow an OperatingSystem to provide a list of supported encryption methods (and fallback to the current, default, list of available hashing methods) and a way to override their specific implementation if needed as well.
This way, one could have Base-64 specific implementation available on windows but without having to resort to contaminating the total list of encryption methods. The same applies for Huawei and probably others as well. This would keep things clean and lower the amount of total choices which prevents errors/mistakes/slips in the end.
I think we should move admin password encryption to
OperatingSystem model, so it would provide a list of encryption methods available for that specific OS. It would also provide the actual encryption services for the password field once it is supplied by the host.