We're developing a Blockchain deployment solution kotal, and generating -rpcauth argument from the supplied user name and password.
The problem is when we try to use the same user and password using curl, it writes ThreadRPCServer incorrect password attempt from 127.0.0.1:55566.
Here's how we're generating -rpcauth from password in golang.
user := "kotal"
password = "s3cr3t"
salt := make([]byte, 16)
rand.Read(salt)
hash := hmac.New(sha256.New, salt)
hash.Write([]byte(password))
rpcauth := fmt.Sprintf("%s:%x$%x", user, salt, hash.Sum(nil))
What's wrong with our golang implementation ?