Re: Antw: SSHA hashed passwords && retrieving the salt

[Matthias Apitz <guru@unixarea.de>]

El día Wednesday, January 15, 2014 a las 10:29:21AM +0100, Matthias Apitz escribió:

> > > but when I run the original string through decode, I get only binary 
> > > nonsense from:
> > > 
> > > echo -n 'MgwfkqCnGu2XUvmW3sNnrZ9pV0TJl/CD' | mmencode -u
> > > 2
> > >   §íRùÞÃg-ð
> > 
> > Remember: A byte is 8 bits; any combination. Just count bytes. Maybe this:
> > 
> > echo -n 'MgwfkqCnGu2XUvmW3sNnrZ9pV0TJl/CD' | mmencode -u | hexdump -C
> 
> Thanks for the feedback; I have tried this already before:
> 
> $ echo -n 'MgwfkqCnGu2XUvmW3sNnrZ9pV0TJl/CD' | mmencode -u | od -tx1   
> 0000000    32  0c  1f  92  a0  a7  1a  ed  97  52  f9  96  de  c3  67 ad
> 0000020    9f  69  57  44  c9  97  f0  83          
> 
> but was thinking the salt, the last 4 bytes (0xc997f083) should have
> been in ASCII... do they really seed with binary in LDAP?

... but you are correct! it is the salt and it works fine
when I hash the users clear text pw with this salt "\xc9\x97\xf0\x83"
like this (blanking out the pw with XXXXXXXXXX):

#!/usr/bin/perl
#
use Digest::SHA1;
use MIME::Base64;
$ctx = Digest::SHA1->new;
$ctx->add('XXXXXXXXXX');
$ctx->add("\xc9\x97\xf0\x83");
$hashedPasswd = '{SSHA}' . encode_base64($ctx->digest .  "\xc9\x97\xf0\x83" ,'');
print 'userPassword: ' .  $hashedPasswd . "\n";

it prints the correct SSHA hash:

$ ./sha.pl
userPassword: {SSHA}MgwfkqCnGu2XUvmW3sNnrZ9pV0TJl/CD

Thanks!

	matthias
-- 
Matthias Apitz               |  /"\ ASCII Ribbon Campaign: www.asciiribbon.org
E-mail: guru@unixarea.de     |  \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
phone: +49-170-4527211       |  / \ - Respect for open standards