[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSHA for rootdn issue



Hi Jörg,

On Monday 11 August 2003 20:15, joerg@schuetter.org wrote:
> Peter Marschall <peter@adpm.de> wrote:
> > On Friday 08 August 2003 22:42, joerg@schuetter.org wrote:
> > > base64 decoded password results in: '{CRYPT}LS..2vtaMyelg', but
> > > crypt.crypt('secret', 'LS') (generate crypt with seed 'LS') results
> > > 'LSgOjE04PUmqs'. Is there a reason for using bas64 coded strings?
> >
> > Although I am not the original poster, I think I can answer your last
> > question.
> > When doing a ldapsearch, user passwords are returned base 64 encoded.
> > I don't know the exact reason for this behaviour but I assume it's the
> > curly braces that make ldapsearch behave this way.
>
> I sniffed the traffic between OpenLdap 2.1.22 (Debian sid) and gq (also
> Debian sid). The passwort is delivered in plain, no encoding.

I talked about the output of ldapsearch, the command line tool.
And it's output is definitely base64-encoded for characters
that cannot be displayed in plain ASCII.
But ldapsearch also base64-encodes values that contain characters in the
range 0x20 - 0x7f, which is perfectly O.K. but made the original poster 
wonder.
With respect to this I assumed it was the curly braces that caused this 
behaviour.

How the data is on the wire was not part of the discussion.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de