
Re: SHA Authentication



At 04:22 PM 1/6/99 -0000, Jon Parry-McCulloch wrote:
>Greetings,
>
>I think I may have discovered a small problem with the OpenLDAP SSHA
>authentication.
>
>Now, as far as I understand it, you have a password and a salt. You
>concatenate these, hash them together, append the original salt, and then
>send the whole shebang, base 64 encoded to the LDAP server. The LDAP server
>can then un-base 64 it and retrieve the salt and the hash. It can then
>retrieve the plain password from the database, append the salt and recreate
>the hash.

Like with the MD5 and SHA1 implementations, the server never stores
the cleartext password.  It compares the hash of the provided password
with the hash stored in the directory.

>Now, am I wrong in assuming that OpenLDAP 1.1.2 supports only the SHA form
>and not the SSHA form? If so, are there any plans to include the SSHA form
>soon?

Seeded SHA1 and MD5 algorithms will likely be released later this month.

Kurt
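
The check described in the reply above, as an added example (not part of the original message and not OpenLDAP's own code): the stored value is base64-decoded, the salt is split off after the 20-byte SHA-1 digest, and the presented password is re-hashed with that salt and compared. The `{SSHA}` prefix, the 8-byte salt length and the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes
PREFIX = "{SSHA}"                      # assumed storage prefix for this example


def ssha_encode(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build PREFIX + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # salt length is an assumption of this example
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: bytes, stored: str) -> bool:
    """Re-hash the presented password with the stored salt and compare.

    The cleartext password is never stored; only digest + salt is.
    """
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= SHA1_LEN:  # nothing after the digest: not a salted value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password + salt).digest()
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    entry = ssha_encode(b"secret")       # constructed sample password
    print(entry)
    print(ssha_verify(b"secret", entry))  # matching password
    print(ssha_verify(b"guess", entry))   # non-matching password
```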