[Fedora-directory-users] userPassword, base64 and hashing

Plummer, Christina E. Christina.Plummer at energyeast.com
Thu Dec 6 17:08:40 UTC 2007 

The first page is giving hex-encoded output of the SHA1 digest, and then
the second page gave you a base64-encoded output of the hex.  Directory
Server never bothers to convert it to hex.

A slightly wordy Perl one-liner illuminates this:

perl -e 'use MIME::Base64; use Digest::SHA1  qw(sha1 sha1_hex);
$string="password"; print "Base64:\n\t", encode_base64( sha1($string) );
print "Hex:\n\t",sha1_hex($string),"\n"; print "Base64 of Hex:\n\t",
encode_base64( sha1_hex($string) ); '
Base64:
        W6ph5Mm5Pz8GgiULbPgzG37mj9g=
Hex:
        5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Base64 of Hex:
        NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA==

Hope that helps.


-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Mike C
Sent: Wednesday, December 05, 2007 8:43 PM
To: General discussion list for the Fedora Directory server project.
Subject: [Fedora-directory-users] userPassword, base64 and hashing

Hi,

I'm trying to figure out why:

plaintext password is: password

My ldif export of the database shows:

userPassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Now, working backwards:
http://www.fileformat.info/tool/hash.htm?text=password

SHA-1  	5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Base64 of 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 is:
NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== (Via
http://makcoder.sourceforge.net/demo/base64.php)

NWJhYTYxZTRjOWI5M2YzZjA2ODIyNTBiNmNmODMzMWI3ZWU2OGZkOA== is not
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, so I'm left wondering what is wrong.
Should I be using something other than base64? If I decode
W6ph5Mm5Pz8GgiULbPgzG37mj9g=, it doesn't even look at all like a SHA-1
value. Password encryption is set on the server to SHA (not SSHA).

I've searched the Fedora Directory Server docs and can't find any
explanation on how userPassword works in this regard (As an aside,
anyone noticed that Google doesn't seem to like indexing the docs very
much?).

What am I doing wrong? Also, if I used SSHA, where would I find the
salt from, assuming it's even possible?

Thanks,

Mike

--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

More information about the Fedora-directory-users mailing list