
Re: Storing of passwords



At 05:45 AM 5/18/01, Jakob Breivik Grimstveit wrote:
>I'm using some Java code for generating LDAP passwords.

If you are storing RFC 2256 userPassword values, a portable
client should just provide the password in cleartext or, if
the server supports it, use the modify password extended
operation (RFC 3060) to change the password.

If you really must implement RFC 2307 (experimental) passwords
in your client, I suggest you look at the FAQ and documents
it links for examples.
  http://www.openldap.org/faq/index.cgi?file=419

This Netscape technote is also quite useful (and is noted in our
FAQ):
  http://developer.netscape.com:80/docs/technote/ldap/pass_sha.html

In looking at your code, it seems you have not base64 encoded
the SHA-1 hash.

Kurt

>Is this code
>sufficient? Or is there anything else I've got to do?
>
>There seems to be some differences in the way the passwords are stored,
>using an LDAPbrowser compared with my java code.
>
>private String encryptPassword(String toEncrypt) {
>    byte[] hash=toEncrypt.getBytes();
>
>    try {
>        MessageDigest sha = MessageDigest.getInstance ("SHA");
>        sha.update(toEncrypt.getBytes());
>        toEncrypt=new String(sha.digest());
>    } catch (NoSuchAlgorithmException nsae) {
>        System.out.println("LDAPInterface | NoSuchAlgorithmException: " + nsae);
>    }
>    return toEncrypt;
>}
>
>It returns something like 'CÀsOE}§Ïd.ËvíÇsQs"?'
>
>Is this correct? Do I have to prepend something? Is the encryption
>algorithm correct (using SHA-1)?
>
>Looking forward to some helpful replies!
>
>
>- Vyrdsamt...
>- Jakob Breivik Grimstveit, jakob@grimstveit.net, www.grimstveit.net
>- Morvikbotn 341, 5121 Ulset, tlf: 55195667, mob: 98833857
>- Applikasjonsutvikler, Reaktor AS, jakob.grimstveit@reaktor.no, 55557484
>
>"I love deadlines. I love the whooshing noise they make as they go by."
>-Douglas Adams
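
An added example, not part of the original thread and not OpenLDAP's own code: it builds a `{SHA}` userPassword value with the base64 step the reply says is missing, and goes beyond the thread by also producing and verifying the salted `{SSHA}` variant that OpenLDAP accepts. The class name, the UTF-8 password encoding, the 8-byte salt and the sample password are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class LdapPasswordHash { // hypothetical class name
    // SHA-1 over the password bytes followed by the salt (empty for {SHA}).
    // UTF-8 is an assumption; the original code used the platform charset.
    static byte[] digest(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return md.digest();
    }
    // {SHA}: prefix + base64 of the raw 20-byte digest. The digest is binary;
    // new String(digest) would corrupt it, so it is only ever base64 encoded.
    static String sha(String password) throws NoSuchAlgorithmException {
        return "{SHA}" + Base64.getEncoder().encodeToString(digest(password, new byte[0]));
    }
    // {SSHA}: prefix + base64(SHA-1(password || salt) || salt).
    static String ssha(String password, byte[] salt) throws NoSuchAlgorithmException {
        byte[] d = digest(password, salt);
        byte[] out = Arrays.copyOf(d, d.length + salt.length);
        System.arraycopy(salt, 0, out, d.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }
    // Check a candidate against a stored value; bytes after the first 20 are the salt.
    static boolean verify(String stored, String candidate) throws NoSuchAlgorithmException {
        boolean salted = stored.startsWith("{SSHA}");
        if (!salted && !stored.startsWith("{SHA}")) return false;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(stored.substring(stored.indexOf('}') + 1));
        } catch (IllegalArgumentException e) {
            return false; // malformed base64
        }
        if (raw.length < 20 || (!salted && raw.length != 20)) return false;
        byte[] salt = Arrays.copyOfRange(raw, 20, raw.length);
        return MessageDigest.isEqual(digest(candidate, salt), Arrays.copyOf(raw, 20));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] salt = new byte[8]; // salt length is an assumption
        new SecureRandom().nextBytes(salt);
        String stored = ssha("secret", salt); // "secret" is a constructed sample
        System.out.println(sha("secret") + " " + stored + " "
            + verify(stored, "secret") + " " + verify(stored, "wrong"));
    }
}
```

The value written to the directory is the whole string including the scheme prefix; `verify` compares digests with `MessageDigest.isEqual` rather than comparing strings.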