[389-devel] Please review: Bug 518520 - pre hashed salted passwords do not work
Rich Megginson
rmeggins at redhat.com
Thu Aug 20 17:38:52 UTC 2009
https://bugzilla.redhat.com/show_bug.cgi?id=518520
Resolves: bug 518520
Bug Description: pre hashed salted passwords do not work
Reviewed by: ???
Files: see diff
Branch: HEAD and 1.2
Fix Description: Pre-hashed passwords may not use the standard internal
salt length. The old
ldif base64 decode function would return the number of bytes in the
decoded
string - the new NSPR function does not. We can't use strlen on the
decoded
value since it is binary and may contain nulls. The solution is to
use a
function to calculate exactly how many bytes the encode string will have
when decoded, taking into account padding. Since we know exactly
how many
bytes are decoded, and we know exactly how many bytes of that
decoded value
are the hash, the remainder must be the salt, however many bytes
that is.
I tested this code with salt lengths from 1 to 99.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=358138&action=diff
More information about the Fedora-directory-devel
mailing list