[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: RFC2256: userPassword

To: Howard Chu <hyc@symas.com>
Subject: RE: RFC2256: userPassword
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Date: Tue, 29 Jun 1999 14:28:36 -0700
Cc: Robert Allen <robert.allen@eng.Sun.COM>, mcs@netscape.com, paulle@microsoft.com, gomez@lhola.engr.sgi.com, ietf-ldapext@netscape.com
In-reply-to: <000101bec273$70de5880$ce80b8d8@hyc.highlandsun.com>
References: <0FE3009NITTBQK@ha-sims.eng.sun.com>
Resent-date: Tue, 29 Jun 1999 14:37:31 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"zCkEIB.A.qLG.QyTe3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 02:07 PM 6/29/99 -0700, Howard Chu wrote:
>How do you store the key that's used to encrypt
>the userPassword?

When using one-way hash algorithms, you don't decrypt.
The server only needs to record the value of the hash and the salt
(if used).

	if Hash(password, Salt(userPassword)) equals userPassword
		approve
	else
		disapprove

where password is the password supplied with the bind operation,
userPassword is the recorded "encrypted" value, and Salt() extracts
the salt from the recorded value, and Hash generates an "encrypted"
value (with embedded salt).

References:
- Re: RFC2256: userPassword
  - From: Robert Allen <robert.allen@eng.Sun.COM>
- RE: RFC2256: userPassword
  - From: Howard Chu <hyc@symas.com>

Prev by Date: RE: RFC2256: userPassword
Next by Date: RE: RFC2256: userPassword
Index(es):
- Chronological
- Thread