[389-users] SSHA and friends
Rich Megginson
rmeggins at redhat.com
Wed Sep 22 19:22:46 UTC 2010
Brandon G wrote:
> Nathan Kinder wrote:
>> On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote:
>>>
>>> Hi
>>>
>>> This is probably OT but I am not having much luck with google. How
>>> can I create SSHA512 strings? I have been using either a php script
>>> or slappasswd to create SSHA password but not sure how to do
>>> SSHA512. openssl can create the SHA512 digest but I am not sure how
>>> to add the random seed bit. My question probably illuminate my lack
>>> of understanding of the subject.
>>>
>> Why are you pre-hashing passwords? You can set the password storage
>> scheme to SSHA512 in 389 and provide a cleartext userPassword value
>> to the server and it will hash it for you.
>
>
> Actually, as a side note I would like to know how the format of {SSHA}
> and friends compare to the conventional unix $1$seed$hash for MD5,
> $2$seed$hash etc and so forth. Notably, is it possible to convert a
> $1$xxxx into a {MD5...} or similar hash.
389 does support MD5 and Salted (SMD5) hashes, specifically for
migration purposes. What format does $1$xxxx use?
> Where is the Seed in SSHA?
At the end.
> Is it a fixed length?
Yes, 8 bytes.
But note that you cannot convert MD5 to (S)SHA.
>
> -Brandon
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list