[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Confused 'bout diff. between SHA and SSHA

To: Thomas Gagné <tgagne@wideopenwest.com>, openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Confused 'bout diff. between SHA and SSHA
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 23 Mar 2004 13:55:59 -0800
Content-disposition: inline
In-reply-to: <4060AC09.8050905@wideopenwest.com>
References: <4060956A.4030505@wideopenwest.com> <4060AC09.8050905@wideopenwest.com>

--On Tuesday, March 23, 2004 4:28 PM -0500 Thomas Gagné <tgagne@wideopenwest.com> wrote:

So why do I get a different digest each time I call slappasswd -s secret?
tgagne:/home/tgagne slappasswd -s secret

    gagne:/home/tgagne slappasswd -h '{SSHA}' -s secret
    {SSHA}HaK1iRahBcSkOKzavdHujMK3lYKsZv59
    tgagne:/home/tgagne slappasswd -s secret
    {SSHA}CdFY35ww1HiGpgRS5TwqF9BV0nfdQjTm
    tgagne:/home/tgagne slappasswd -s secret
    {SSHA}NeIoSpZJp32nahnqsFuDDX7jezbDskDE

And what hope is there of supplying the proper password on a subsequent
bind?

Usually hashes are constructed using random data at the time. I'd assume you have a different salt each time to construct the HASH. So you get different hashes that will still hash out to the password supplied correctly when you actually bind.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Confused 'bout diff. between SHA and SSHA
  - From: Thomas Gagné <tgagne@wideopenwest.com>
- Re: Confused 'bout diff. between SHA and SSHA
  - From: Thomas Gagné <tgagne@wideopenwest.com>

Prev by Date: Re: How to confirm --enable-local
Next by Date: Re: How to confirm --enable-local
Index(es):
- Chronological
- Thread