Posted to dev@syncope.apache.org by "Yann Diorcet (JIRA)" <ji...@apache.org> on 2014/06/20 16:57:24 UTC

[jira] [Created] (SYNCOPE-513) Salted cipher algorithms incompatible interoperability with OpenDJ

Yann Diorcet created SYNCOPE-513:
------------------------------------

             Summary: Salted cipher algorithms incompatible interoperability with OpenDJ
                 Key: SYNCOPE-513
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-513
             Project: Syncope
          Issue Type: Bug
          Components: core
    Affects Versions: 1.1.8
         Environment: OpenDJ as LDAP
            Reporter: Yann Diorcet


In the PasswordEncoder class the salt mechanism configuration is hardcoded.
If the LDAP doesn't use the same salt mechanism configuration, the password can't be matched during authentication.

For example, the SSHA digest from OpenDJ uses a suffixed 8-byte salt (in both the hash and the plain message).

Original:
            digester.setIterations(100000);   // 100000 digest iterations, salt prepended (jasypt defaults)
            digester.setSaltSizeBytes(16);    // 16-byte salt

Modified for OpenDJ:
            digester.setIterations(1);        // OpenDJ SSHA applies SHA-1 once
            digester.setSaltSizeBytes(8);     // OpenDJ SSHA uses an 8-byte salt
            digester.setInvertPositionOfPlainSaltInEncryptionResults(true); // salt after the hash in the stored value
            digester.setInvertPositionOfSaltInMessageBeforeDigesting(true); // salt after the password before digesting

Maybe adding a way to configure custom cipher algorithms will allow more widespread interoperability with existing LDAPv3 implementations in the market.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
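The OpenDJ SSHA layout the report describes (SHA-1 over password||salt, stored as base64(hash||salt) with an 8-byte salt), as an added example that is not part of the issue and not Syncope or jasypt code. It generates such a value, verifies it with the salt taken from the tail, and shows that interpreting the same value with the salt in front (the hardcoded layout the report complains about) does not match. The password and salt are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not from the issue report).
PASSWORD = "s3cret-Pa55"
SALT = bytes.fromhex("0102030405060708")  # 8 bytes, as OpenDJ SSHA uses

SALT_LEN = 8
PREFIX = "{SSHA}"


def opendj_ssha(password: str, salt: bytes) -> str:
    """Build an OpenDJ-style SSHA value: one SHA-1 round over password||salt,
    then base64 of digest||salt (salt suffixed in both message and output)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_opendj_ssha(stored: str, password: str, salt_len: int = SALT_LEN) -> bool:
    """Verify the way an OpenDJ-compatible consumer must: the salt is the
    trailing salt_len bytes of the decoded blob and is appended to the password."""
    if not stored.startswith(PREFIX):
        return False
    blob = base64.b64decode(stored[len(PREFIX):])
    if len(blob) != hashlib.sha1().digest_size + salt_len:
        return False  # wrong salt size or truncated value
    digest, salt = blob[:-salt_len], blob[-salt_len:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so verification timing does not leak digest bytes.
    return hmac.compare_digest(digest, expected)


def verify_salt_prefixed(stored: str, password: str, salt_len: int = SALT_LEN) -> bool:
    """Same stored value read with the salt at the front of the blob and of the
    message (the prefixed layout the report says is hardcoded): demonstrates
    why authentication fails when the two sides disagree on salt position."""
    if not stored.startswith(PREFIX):
        return False
    blob = base64.b64decode(stored[len(PREFIX):])
    salt, digest = blob[:salt_len], blob[salt_len:]
    expected = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    value = opendj_ssha(PASSWORD, SALT)
    print(value)
    print("suffixed-salt verify:", verify_opendj_ssha(value, PASSWORD))   # True
    print("prefixed-salt verify:", verify_salt_prefixed(value, PASSWORD))  # False
```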