> This is probably OT but I am not having much luck with google. How can
> I create SSHA512 strings? I have been using either a php script or
> slappasswd to create SSHA password but not sure how to do SSHA512.
> openssl can create the SHA512 digest but I am not sure how to add the
> random seed bit. My question probably illuminates my lack of
> understanding of the subject.
Why are you pre-hashing passwords? You can set the password storage
scheme to SSHA512 in 389 and provide a cleartext userPassword value to
the server and it will hash it for you.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
09-22-2010, 06:55 PM
Ulf Weltman
SSHA and friends
On 9/22/2010 11:33 AM, Nathan Kinder wrote:
> On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote:
>> Hi
>>
>> This is probably OT but I am not having much luck with google. How
>> can I create SSHA512 strings? I have been using either a php script
>> or slappasswd to create SSHA password but not sure how to do
>> SSHA512. openssl can create the SHA512 digest but I am not sure how
>> to add the random seed bit. My question probably illuminates my lack
>> of understanding of the subject.
>>
> Why are you pre-hashing passwords? You can set the password storage
> scheme to SSHA512 in 389 and provide a cleartext userPassword value
> to the server and it will hash it for you.
If generating LDIF with pre-hashed passwords or resetting a lost
nsslapd-rootpw or something like that, you can use the pwdhash
utility that comes with 389 DS:
09-22-2010, 06:56 PM
Brandon G
SSHA and friends
Nathan Kinder wrote:
> On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote:
>> Hi
>>
>> This is probably OT but I am not having much luck with google. How
>> can I create SSHA512 strings? I have been using either a php script
>> or slappasswd to create SSHA password but not sure how to do
>> SSHA512. openssl can create the SHA512 digest but I am not sure how
>> to add the random seed bit. My question probably illuminates my lack
>> of understanding of the subject.
>>
> Why are you pre-hashing passwords? You can set the password storage
> scheme to SSHA512 in 389 and provide a cleartext userPassword value
> to the server and it will hash it for you.
Actually, as a side note I would like to know how the format of {SSHA}
and friends compare to the conventional unix $1$seed$hash for MD5,
$2$seed$hash etc and so forth. Notably, is it possible to convert a
$1$xxxx into a {MD5...} or similar hash. Where is the Seed in SSHA?
Is it a fixed length?
-Brandon
09-22-2010, 07:20 PM
Rich Megginson
SSHA and friends
Gerrard Geldenhuis wrote:
>
> Hi
>
> This is probably OT but I am not having much luck with google. How can
> I create SSHA512 strings? I have been using either a php script or
> slappasswd to create SSHA password but not sure how to do SSHA512.
> openssl can create the SHA512 digest but I am not sure how to add the
> random seed bit. My question probably illuminates my lack of
> understanding of the subject.
>
Why do you want to create SSHA512 strings? If for the userPassword
values, you should only send userPassword in clear text to the directory
server and let the directory server hash the password.
>
>
>
> Best Regards
>
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> ------------------------------------------------------------------------
09-22-2010, 07:22 PM
Rich Megginson
SSHA and friends
Brandon G wrote:
> Nathan Kinder wrote:
>> On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote:
>>>
>>> Hi
>>>
>>> This is probably OT but I am not having much luck with google. How
>>> can I create SSHA512 strings? I have been using either a php script
>>> or slappasswd to create SSHA password but not sure how to do
>>> SSHA512. openssl can create the SHA512 digest but I am not sure how
>>> to add the random seed bit. My question probably illuminates my lack
>>> of understanding of the subject.
>>>
>> Why are you pre-hashing passwords? You can set the password storage
>> scheme to SSHA512 in 389 and provide a cleartext userPassword value
>> to the server and it will hash it for you.
>
>
> Actually, as a side note I would like to know how the format of {SSHA}
> and friends compare to the conventional unix $1$seed$hash for MD5,
> $2$seed$hash etc and so forth. Notably, is it possible to convert a
> $1$xxxx into a {MD5...} or similar hash.
389 does support MD5 and Salted (SMD5) hashes, specifically for
migration purposes. What format does $1$xxxx use?
> Where is the Seed in SSHA?
At the end.
> Is it a fixed length?
Yes, 8 bytes.
But note that you cannot convert MD5 to (S)SHA.
>
> -Brandon
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
09-22-2010, 07:26 PM
Brandon G
SSHA and friends
Rich Megginson wrote:
> 389 does support MD5 and Salted (SMD5) hashes, specifically for
> migration purposes. What format does $1$xxxx use?
>
It has been used in unix for some time now. $1$SEED$HASH is MD5;
depending upon what OS you use the number differs in the hash. Years
ago I rewrote crypt for FreeBSD to use $3$ for SHA1. I know Redhat is
now using $6$ for a form of SHA, I don't know which one.
>> Where is the Seed in SSHA?
>>
> At the end.
>
>> Is it a fixed length?
>>
> Yes, 8 bytes.
>
> But note that you cannot convert MD5 to (S)SHA.
Where is the standard that defines what the hash format is for the
various {types} ?
This is basically to make migration easier, if I could reformat a
"$1$seed$hash" into "{SMD5}hashseed"? and stuff it into userPassword,
the users have no disruption.
-Brandon
09-22-2010, 07:30 PM
Rich Megginson
SSHA and friends
Brandon G wrote:
> Rich Megginson wrote:
>
>> 389 does support MD5 and Salted (SMD5) hashes, specifically for
>> migration purposes. What format does $1$xxxx use?
>>
>>
>
> It has been used in unix for some time now. $1$SEED$HASH is MD5;
> depending upon what OS you use the number differs in the hash. Years
> ago I rewrote crypt for FreeBSD to use $3$ for SHA1. I know Redhat is
> now using $6$ for a form of SHA, I don't know which one.
>
>
>>> Where is the Seed in SSHA?
>>>
>>>
>> At the end.
>>
>>
>>> Is it a fixed length?
>>>
>>>
>> Yes, 8 bytes.
>>
>> But note that you cannot convert MD5 to (S)SHA.
>>
>
>
> Where is the standard that defines what the hash format is for the
> various {types} ?
>
> This is basically to make migration easier, if I could reformat a
> "$1$seed$hash" into "{SMD5}hashseed"? and stuff it into userPassword,
> the users have no disruption.
>
{SMD5}hashseed might just work.
> -Brandon
09-23-2010, 07:47 AM
Rudolf Hatheyer
SSHA and friends
Hi Gerrard,
I use php in my self-written user management webapp.
Here is a code snippet (part of a utility class) which works for me:
protected function generateSSHAHash($plaintext) {
mt_srand((double)microtime()*1000000);
Gerrard Geldenhuis wrote:
>
> Hi
>
> This is probably OT but I am not having much luck with google. How can
> I create SSHA512 strings? I have been using either a php script or
> slappasswd to create SSHA password but not sure how to do SSHA512.
> openssl can create the SHA512 digest but I am not sure how to add the
> random seed bit. My question probably illuminates my lack of
> understanding of the subject.
>
>
>
> Best Regards
>
>