[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encryption or hash for password?



On 03/15/2013 09:58 AM, Gerhardus Geldenhuis wrote:
> Hi
> I am using the default Ubuntu 12.10 openldap installation and have inherited an
> existing ldap setup. When I do a slapcat -n 1
> 
> It shows userPassword entries as follows:
> 
> userPassword:: e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8=
> 
> ( password string has been edited... )
> 
> I am not sure how this is encoded... is there a way to find out? I have tried
> md5 which is currently the default encoding for our servers.
> 
> I have also tried slappasswd with various -h option to see if I can recreate the
> same hash if it is a hash. 
> 
> I want to add new users using ldif and would like to encrypt/hash their
> passwords in a similar fashion if possible.
> 
> Any help would be appreciated.

The double colon after the attribute name means it's Base64 encoded.  So decode
the base64 and you end up with this:

{crxPt}$1$I0(g7lbc$Zp/rgvZBd0eHÃndgh0W3L/

which after your mangling still appears to be a CRYPT-MD5 password.

/* Wes Hardin */