[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Decrypting SHA encrypted passwords?



That's correct.

If you are looking to use the password attributes that are stored within LDAP in some other context (i.e. retrieve them and use them for authentication to an FTP server), you are not likely to find success. SHA1 and the other algorithms used are strictly one way (i.e. hashing functions).

There may be a way to configure LDAP to use a reversible algorithm, but I doubt it.

That means, (1) either have the user supply the password or (2) store the external resource password in another form in a different attribute that is only retrievable in an authenticated context

- Nick

At 06:13 PM 25/02/2001, Adam Shand wrote:

> How does an application that does not do any password
> encrypting/decrypting on its own, such as a script using LDAPSEARCH,
> get access to LDAP passwords to use in a clear-text context such as
> FTP?

i believe the way that this works is that the application passes the
password in clear text to the ldap search which then encrypts the clear
text password (based of the seed), does a comparision to see if it matches
and then returns sucess or failure ot the application which in turn then
allows or disallows access.

the other possible way for it to work would be for the application to
request the encrypted password from the server, encrypt the password it's
self and do the comparision internally.  this would require the app to
have read access to all of the users passwords though where the other way
just requires auth access.

adam.