directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] Updated: (DIRSERVER-1375) Support variable length salts for SSHA and SMD5
Date Sat, 13 Jun 2009 09:11:07 GMT


Emmanuel Lecharny updated DIRSERVER-1375:

    Fix Version/s: 1.5.5

We wrongly assumed that the Salt was 8 bytes long, when it's can be of variable size. It should
not be a problem to allow shortest Salt to be used in ADS, as the hashed part is always 20
bytes for SHA1 (16 for MD5). it's just a matter of grabbing the rest of the bytes, and consider
it as the salt.

I will implement that right now.

> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>                 Key: DIRSERVER-1375
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Stefan Reuter
>             Fix For: 1.5.5
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for
the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to
bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with
a SSHA (or SMD5) password that contain a 4 byte salt.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message