Posted to dev@directory.apache.org by "Frank Fischer (JIRA)" <ji...@apache.org> on 2016/01/08 13:21:39 UTC
[jira] [Comment Edited] (DIRSTUDIO-738) Modular Crypt Format Salts are incorrectly displayed
[ https://issues.apache.org/jira/browse/DIRSTUDIO-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089130#comment-15089130 ]
Frank Fischer edited comment on DIRSTUDIO-738 at 1/8/16 12:21 PM:
------------------------------------------------------------------
Old issue, but I encounter the same problem in all versions up to 2.0.0-M10
The modular crypt format embeds the hashing algorithm used, the salt and the hash.
{code:title=man crypt 3|borderStyle=solid}
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
{code}
{code:title=Example|borderStyle=solid}
$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1
$6$ : SHA-512 is used
af1ae9db : Salt
Viz...n49.1 : Hash (shortened for clarification) (cleartext: 'secret')
{code}
If you now put the value from the example into a userPassword field of OpenLDAP like this
{code}{CRYPT}$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1{code}
and OpenLDAP is running on a Linux system having glibc >= 2.7, the authentication works, but DirectoryStudio is not able to verify the password, nor to display the salt.
Judging from CODEC-133 and reading https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Crypt.html, parts of the needed functionality are already available in Java.
was (Author: frankfischer):
Old issue, but I encounter the same problem in all versions up to 2.0.0-M10
The modular crypt format embeds the hashing algorithm used, the salt and the hash.
{code:title=man crypt 3|borderStyle=solid}
ID | Method
─────────────────────────────────────────────────────────
1 | MD5
2a | Blowfish (not in mainline glibc; added in some Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
{code}
{code:title=Example|borderStyle=solid}
$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1
$6$ : SHA-512 is used
af1ae9db : Salt
Viz...n49.1 : Hash (shortened for clarification)
{code}
If you now put the value from the example into a userPassword field of OpenLDAP like this
{code}{CRYPT}$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1{code}
and OpenLDAP is running on a Linux system having glibc >= 2.7, the authentication works, but DirectoryStudio is not able to verify the password, nor to display the salt.
Judging from CODEC-133 and reading https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Crypt.html, parts of the needed functionality are already available in Java.
> Modular Crypt Format Salts are incorrectly displayed
> ----------------------------------------------------
>
> Key: DIRSTUDIO-738
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-738
> Project: Directory Studio
> Issue Type: Bug
> Components: studio-ldapbrowser
> Affects Versions: 1.5.3
> Environment: Ubuntu 11.04, Eclipse Indigo
> Reporter: Justin Dugger
> Priority: Minor
>
> CRYPT passwords embed multiple values into a single field, in particular the algorithm and the salt used. This method is known as Modular Crypt Format
> http://www.tummy.com/journals/entries/jafo_20110117_054918
> When given a userPassword field described using this system, the "show password details" display on the value editor gets the salt wrong and fails to verify.
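Added example, not part of the original message or of Directory Studio's code: a Python sketch that splits a {CRYPT} userPassword value into the scheme id, salt and digest described in the comment, and rebuilds the "setting" string (here `$6$af1ae9db`) that crypt(3) takes as its salt argument when a verifier recomputes the hash. It goes beyond the single `$6$` case in the comment by also handling the optional `rounds=` field and the bcrypt layout; the function names, digest lengths and bcrypt field widths are assumptions taken from the crypt formats, not from this page.

```python
import re

# Digest length in crypt-base64 characters for the '$'-separated schemes
# listed in the crypt(3) table quoted in the comment (assumed values).
DIGEST_LEN = {"1": 22, "5": 43, "6": 86}
CRYPT_B64 = re.compile(r"[./0-9A-Za-z]+")

def parse_mcf(mcf):
    """Split a Modular Crypt Format string into its fields."""
    parts = mcf.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a Modular Crypt Format value")
    ident, fields = parts[1], parts[2:]
    rounds = None
    if ident == "2a":
        # bcrypt: $2a$<cost>$<22-char salt><31-char digest>, with no '$'
        # between salt and digest, so split by position (cost kept in 'rounds').
        if len(fields) != 2 or len(fields[1]) != 53:
            raise ValueError("malformed bcrypt value")
        rounds, salt, digest = int(fields[0]), fields[1][:22], fields[1][22:]
        setting = "$2a$%s$%s" % (fields[0], salt)
    else:
        if ident in ("5", "6") and fields[0].startswith("rounds="):
            # SHA-crypt may carry an optional rounds=N field before the salt.
            rounds, fields = int(fields[0][len("rounds="):]), fields[1:]
        if len(fields) != 2:
            raise ValueError("expected $id$salt$digest")
        salt, digest = fields
        opt = "rounds=%d$" % rounds if rounds is not None else ""
        setting = "$%s$%s%s" % (ident, opt, salt)
        if ident in DIGEST_LEN and len(digest) != DIGEST_LEN[ident]:
            raise ValueError("digest length does not match scheme %s" % ident)
    if not CRYPT_B64.fullmatch(digest):
        raise ValueError("digest is not crypt base64")
    return {"id": ident, "rounds": rounds, "salt": salt,
            "digest": digest, "setting": setting}

def parse_user_password(value):
    """Strip the LDAP {CRYPT} scheme prefix, then parse the MCF value."""
    m = re.fullmatch(r"\{([^}]+)\}(.+)", value)
    if not m or m.group(1).upper() != "CRYPT":
        raise ValueError("not a {CRYPT} userPassword value")
    return parse_mcf(m.group(2))

# userPassword value taken from the comment above.
EXAMPLE = ("{CRYPT}$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56"
           "bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1")

if __name__ == "__main__":
    print(parse_user_password(EXAMPLE))
```

A verifier would pass the candidate password and the returned `setting` to a crypt(3) implementation and compare the full result with the stored value in constant time.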