
Re: MD5 password issue



Alejandro Acosta wrote:
>   In mysql I have a user with the password 2 (just the number) where the 
> resulting md5 hash is: 
> c81e728d9d4c2f636f067f89cc14862c (this is the string stored in mysql). 
> [..]
> userPassword: {MD5}c81e728d9d4c2f636f067f89cc14862c

Likely this is wrong. See my posting sent to list ldap@umich.edu a
couple of weeks ago attached below.

Ciao, Michael.

-- 
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com

-------- Original Message --------
Subject: [ldap] Re: mysql and ldap password encryption
Date: Thu, 07 Jul 2005 11:48:55 +0200
From: Michael Ströder <michael@stroeder.com>
To: ldap@umich.edu
References: <42CCEB54.9010609@meridiantelekoms.com>
<8764vnvu5o.fsf@rubin.l4b.de>

Dieter Kluenter wrote:
>
> Joey Esquibal <jaesquibal@meridiantelekoms.com> writes:
>
>>The problem was, the text file which contains the MD5
>>password was generated by MySQL:
>>
>>mysql> SELECT MD5('testing');
>>        -> 'ae2b1fca515949e5d54fb22b8ed95575'
>>
>>The encrypted MD5 password will then be concatenated to user's ldif:
>>
>>dn: uid=joey, dc=mydomain, dc=com
>>...
>>...
>>...
>>userPassword: {MD5}ae2b1fca515949e5d54fb22b8ed95575
>>                                |
>>				v
>>			value of mysql> SELECT MD5('testing');
>>
>>
>>After creating the ldif file and adding it to the ldap database, the
>>password is not working anymore. MySQL calculates an MD5 128-bit
>>checksum for the string. The value is returned as a binary string of
>>32 hex digits, or NULL if the argument was NULL.
>>
>>Pointers are highly appreciated. Really need your expertise on this one.
>
>
> Mismatch of libcrypt or libcrypto?

Dieter, this is likely not to be relevant for pure MD5 (provided MySQL does
not use libcrypt for calculating MD5 crypt-hash).

I'd guess the problem is that the MD5 is differently encoded in the
userPassword value. The raw 128 bits of MD5 hash must be base64-encoded.

It's worth having a closer look at the relevant entries in OpenLDAP's
Faq-O-Matic:

  http://www.openldap.org/faq/data/cache/419.html

In Python conversion might look like this (note that it's not tested and
code lines got wrapped in the e-mail):

Python 2.4.1 (#5, Apr 29 2005, 17:00:37)
[GCC 3.3.5 20050117 (prerelease) (SUSE Linux)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> mysql_md5 = 'ae2b1fca515949e5d54fb22b8ed95575'
>>> bin_md5 = ''.join([ chr(int(mysql_md5[i:i+2],16)) for i in range(0,len(mysql_md5),2)])
>>> import base64
>>> userPassword = '{MD5}'+base64.encodestring(bin_md5).strip()
>>> userPassword
'{MD5}risfylFZSeXVT7IrjtlVdQ=='
>>>

Ciao, Michael.
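
The following is an added example, not part of the original messages: a Python 3 sketch that goes beyond the one-off conversion above by also detecting and repairing {MD5} userPassword values that were stored as hex, and by checking a cleartext password against the result. The function names are hypothetical; the sample values are the two hashes quoted in this thread.

```python
import base64
import binascii
import hashlib
import hmac
import re

HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")  # what MySQL's MD5() returns

def hex_to_ldap_md5(hex_digest):
    """Convert a 32-hex-digit MD5 into '{MD5}' + base64(raw 128-bit digest)."""
    if not HEX_MD5.match(hex_digest):
        raise ValueError("expected 32 hex digits")
    raw = binascii.unhexlify(hex_digest)  # 16 raw bytes
    return "{MD5}" + base64.b64encode(raw).decode("ascii")

def normalize_user_password(value):
    """Return a correctly encoded {MD5} value, repairing hex-encoded ones."""
    if not value.upper().startswith("{MD5}"):
        raise ValueError("not an {MD5} userPassword value")
    body = value[5:]
    # A proper value is 24 base64 characters; 32 hex digits mean the
    # digest was pasted in MySQL's textual form and must be re-encoded.
    if HEX_MD5.match(body):
        return hex_to_ldap_md5(body)
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        raise ValueError("not valid base64") from None
    if len(raw) != 16:
        raise ValueError("decoded digest is not 128 bits")
    return "{MD5}" + body

def check_password(password, user_password):
    """Compare a cleartext password with a {MD5} value (hex form tolerated)."""
    expected = base64.b64decode(normalize_user_password(user_password)[5:])
    actual = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    # Values taken from the two messages quoted in this thread.
    for stored in ("{MD5}ae2b1fca515949e5d54fb22b8ed95575",
                   "{MD5}c81e728d9d4c2f636f067f89cc14862c"):
        print(stored, "->", normalize_user_password(stored))
```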