[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encryption or hash for password?

To: <openldap-technical@openldap.org>
Subject: Re: Encryption or hash for password?
From: Wes Hardin <wes.hardin@maximintegrated.com>
Date: Fri, 15 Mar 2013 10:36:23 -0500
In-reply-to: <CAATm_0oYuBgTLbahFCZo4P9_nfXj7euqD02gVLVtxsrbsmocQg@mail.gmail.com>
Organization: Maxim Integrated
References: <CAATm_0oYuBgTLbahFCZo4P9_nfXj7euqD02gVLVtxsrbsmocQg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4

On 03/15/2013 09:58 AM, Gerhardus Geldenhuis wrote:
> Hi
> I am using the default Ubuntu 12.10 openldap installation and have inherited an
> existing ldap setup. When I do a slapcat -n 1
> 
> It shows userPassword entries as follows:
> 
> userPassword:: e2NyeFB0fSQxJEkwKGc3bGJjJFpwL3JndlpCZDBlSPZuZGdoMFczTC8=
> 
> ( password string has been edited... )
> 
> I am not sure how this is encoded... is there a way to find out? I have tried
> md5 which is currently the default encoding for our servers.
> 
> I have also tried slappasswd with various -h option to see if I can recreate the
> same hash if it is a hash. 
> 
> I want to add new users using ldif and would like to encrypt/hash their
> passwords in a similar fashion if possible.
> 
> Any help would be appreciated.

The double colon after the attribute name means it's Base64 encoded.  So decode
the base64 and you end up with this:

{crxPt}$1$I0(g7lbc$Zp/rgvZBd0eHÃndgh0W3L/

which after your mangling still appears to be a CRYPT-MD5 password.

/* Wes Hardin */

References:
- Encryption or hash for password?
  - From: Gerhardus Geldenhuis <gerhardus.geldenhuis@gmail.com>

Prev by Date: Encryption or hash for password?
Next by Date: Re: Encryption or hash for password?
Index(es):
- Chronological
- Thread