[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SHA Authentication

To: Jon Parry-McCulloch <John.Parry-McCulloch@liffe.com>
Subject: Re: SHA Authentication
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 06 Jan 1999 08:54:30 -0800
Cc: openldap-general@OpenLDAP.org
In-reply-to: <5915EFC32C30D111AAE500805F15F0C20293C4AD@ntprdex3.liffe.co m>

At 04:22 PM 1/6/99 -0000, Jon Parry-McCulloch wrote:
>Greetings,
>
>I think I may have discovered a small problem with the OpenLDAP SSHA
>authentication.
>
>Now, as far as I understand it, you have a password and a salt. You
>concatenate these, hash them together, append the original salt, and then
>sned the whole shebang, base 64 encoded to the LDAP server. The LDAP server
>can then un-base 64 it and retrieve the salt and the hash. it can then
>retrieve the plain password from the database, append the salt and recreate
>the hash.

Like with the MD5 and SHA1 implementations, the server never stores
the cleartext password.  It compares the hash of provided password
with the hash stored in the directory.

>Now, am I wrong in assuming that OpenLDAP1.1.2 supports only the SHA form
>and not the SSHA form? If so, are there any plans to include the SSHA form
>soon?

Seeded SHA1 and MD5 algorithms will likely be released later this month.

Kurt

Prev by Date: Re: SHA Authentication
Next by Date: RE: SHA Authentication
Index(es):
- Chronological
- Thread