[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encryption or hash for password?

To: Gerhardus Geldenhuis <gerhardus.geldenhuis@gmail.com>, Marot Laurent <Laurent.Marot@alliacom.com>
Subject: Re: Encryption or hash for password?
From: Howard Chu <hyc@symas.com>
Date: Fri, 15 Mar 2013 09:46:36 -0700
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <CAATm_0qWrzryxmaTdJeoWS2EX-p-QmHJRNjJk6JTFTuc3NcVbw@mail.gmail.com>
References: <CAATm_0oYuBgTLbahFCZo4P9_nfXj7euqD02gVLVtxsrbsmocQg@mail.gmail.com> <8A5E0CC8B6B70641A528A2D22938A48E1D4EE5F0@XCH01-V.alliacom.com> <CAATm_0qWrzryxmaTdJeoWS2EX-p-QmHJRNjJk6JTFTuc3NcVbw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 SeaMonkey/2.19a1

Gerhardus Geldenhuis wrote:

Thanks,
I thought crypt as well... but then I would expect it to look like:
userPassword: {CRYPT}saHW9GdxihkGQ

instead slapcat generates:
userPassword:: skadfjsajf=

Two small differences: there is two :: instead of one and all of the
userPassword entries ends in =.


Read the ldif(5) manpage.


Regards


On 15 March 2013 15:19, Marot Laurent <Laurent.Marot@alliacom.com
<mailto:Laurent.Marot@alliacom.com>> wrote:

    Hello,

    Seems to be base64 encoded {crypt} password

    http://www.openldap.org/faq/data/cache/344.html

    {crxPt}$1$I0(g7lbc$Zp/rgvZBd0eHöndgh0W3L/

    Laurent

    *De :*openldap-technical-bounces@OpenLDAP.org
    [mailto:openldap-technical-bounces@OpenLDAP.org
    <mailto:openldap-technical-bounces@OpenLDAP.org>] *De la part de*
    Gerhardus Geldenhuis
    *Envoyé :* vendredi 15 mars 2013 15:58
    *À :* openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>
    *Objet :* Encryption or hash for password?

    Hi

    I am using the default Ubuntu 12.10 openldap installation and have
    inherited an existing ldap setup. When I do a slapcat -n 1

    It shows userPassword entries as follows:

    userPassword:: e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8=

    ( password string has been edited... )

    I am not sure how this is encoded... is there a way to find out? I have
    tried md5 which is currently the default encoding for our servers.

    I have also tried slappasswd with various -h option to see if I can
    recreate the same hash if it is a hash.

    I want to add new users using ldif and would like to encrypt/hash their
    passwords in a similar fashion if possible.

    Any help would be appreciated.

    Regards

    --
    Gerhardus Geldenhuis


    ------------------------------------------------------------------------------

    Le papier est un support de communication naturel, renouvelable et
    recyclable. Si vous devez imprimer ce mail, n’oubliez pas de le recycler.




--
Gerhardus Geldenhuis



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Encryption or hash for password?
  - From: Gerhardus Geldenhuis <gerhardus.geldenhuis@gmail.com>
- Re: Encryption or hash for password?
  - From: Gerhardus Geldenhuis <gerhardus.geldenhuis@gmail.com>

Prev by Date: Lua wrapper for LMDB
Next by Date: Re: Lua wrapper for LMDB
Index(es):
- Chronological
- Thread