[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Schema: encrypted 8-bit userPassword and SASLprep

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: Schema: encrypted 8-bit userPassword and SASLprep
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 12 Sep 2003 14:57:17 +0200
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <HBF.20030912vnly@bombur.uio.no>
References: <HBF.20030912vnly@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030626

Hallvard B Furuseth wrote:

[Schema] 2.41 (userPassword) says:

   The application SHOULD prepare textual strings used as passwords
   by transcoding them to Unicode, applying SASLprep [SASLprep], and
   encoding as UTF-8.

This is incompatible with passwords written in 8-bit character sets and
stored encrypted in files that cannot easily be decrypted, e.g. Unix
/etc/passwd files.  Since the server does not know the plaintext
passwords, it cannot prepare them as above.

IMHO the password should be encoded as UTF-8 before applying the hash. Maybe the wording is somewhat misleading though I'm not sure.

Note that hashed passwords are non-standard anyway... ;-)

Ciao, Michael.

Follow-Ups:
- Re: Schema: encrypted 8-bit userPassword and SASLprep
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Schema: encrypted 8-bit userPassword and SASLprep
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Schema: encrypted 8-bit userPassword and SASLprep
Next by Date: Re: Schema: encrypted 8-bit userPassword and SASLprep
Index(es):
- Chronological
- Thread