You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Brill Pappin (JIRA)" <se...@james.apache.org> on 2004/11/07 05:56:32 UTC

[jira] Created: (JAMES-334) SHA hash incompatable with common generation methods

SHA hash incompatable with common generation methods
----------------------------------------------------

         Key: JAMES-334
         URL: http://nagoya.apache.org/jira/browse/JAMES-334
     Project: James
        Type: Bug
  Components: UsersStore & UsersRepository  
    Versions: 2.2.0    
 Environment: FreeBSD, JDK 1.4.2, MySQL via. C-JDBC
    Reporter: Brill Pappin


This ticket is related to: JAMES-332

It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:

SELECT SHA("test") in MySQL
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

generates what I'd expect, however:

the remote manager tool sets:
CY9rzUYh03PK3k6DJie0

which doesn't even "look" like SHA.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Commented: (JAMES-334) SHA hash incompatable with common generation methods

Posted by "Daniel Perry (JIRA)" <se...@james.apache.org>.

    [ http://issues.apache.org/jira/browse/JAMES-334?page=comments#action_12318291 ] 

Daniel Perry commented on JAMES-334:
------------------------------------

This is an SHA hash but not in the format you'd expect.
It's a base64 encoded rather than hex (reduces the size).
Its then trimmed of padding.
Some php code to do this is as follows:

function hashPassword($in){
    $pwd=base64_encode(hex2bin(sha1($in)));
    $pwd=substr($pwd,0,strlen($pwd)-4);
    return $pwd;
}

function hex2bin($source) {
    $strlen = strlen($source);
    for ($i=0;$i<strlen($source);$i=$i+2) {
        $bin .= chr(hexdec(substr ($source, $i,2)));
    }
    return $bin;
}


> SHA hash incompatable with common generation methods
> ----------------------------------------------------
>
>          Key: JAMES-334
>          URL: http://issues.apache.org/jira/browse/JAMES-334
>      Project: James
>         Type: Bug
>   Components: UsersStore & UsersRepository
>     Versions: 2.2.0
>  Environment: FreeBSD, JDK 1.4.2, MySQL via. C-JDBC
>     Reporter: Brill Pappin
>     Priority: Minor

>
> This ticket is related to: JAMES-332
> It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:
> SELECT SHA("test") in MySQL
> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
> generates what I'd expect, however:
> the remote manager tool sets:
> CY9rzUYh03PK3k6DJie0
> which doesn't even "look" like SHA.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Assigned: (JAMES-334) SHA hash incompatable with common generation methods

Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.

     [ https://issues.apache.org/jira/browse/JAMES-334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Norman Maurer reassigned JAMES-334:
-----------------------------------

    Assignee: Norman Maurer

> SHA hash incompatable with common generation methods
> ----------------------------------------------------
>
>                 Key: JAMES-334
>                 URL: https://issues.apache.org/jira/browse/JAMES-334
>             Project: JAMES Server
>          Issue Type: Bug
>          Components: UsersStore & UsersRepository
>    Affects Versions: 2.2.0
>         Environment: FreeBSD, JDK 1.4.2, MySQL via. C-JDBC
>            Reporter: Brill Pappin
>            Assignee: Norman Maurer
>            Priority: Minor
>
> This ticket is related to: JAMES-332
> It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:
> SELECT SHA("test") in MySQL
> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
> generates what I'd expect, however:
> the remote manager tool sets:
> CY9rzUYh03PK3k6DJie0
> which doesn't even "look" like SHA.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Commented: (JAMES-334) SHA hash incompatable with common generation methods

Posted by "Brill Pappin (JIRA)" <se...@james.apache.org>.

    [ http://issues.apache.org/jira/browse/JAMES-334?page=comments#action_12318341 ] 

Brill Pappin commented on JAMES-334:
------------------------------------

The problem was that I had to modify James to use the same authentication store as several other applications, and because the alg was so "strange" it caused a real problem.

I don't think that the one it was using was all that bad, but it was very tough to change.

I'd request, at the very least you allow the administrator to specify the method to use... and idealy provide a way for someone to write a custome auth module.



> SHA hash incompatable with common generation methods
> ----------------------------------------------------
>
>          Key: JAMES-334
>          URL: http://issues.apache.org/jira/browse/JAMES-334
>      Project: James
>         Type: Bug
>   Components: UsersStore & UsersRepository
>     Versions: 2.2.0
>  Environment: FreeBSD, JDK 1.4.2, MySQL via. C-JDBC
>     Reporter: Brill Pappin
>     Priority: Minor

>
> This ticket is related to: JAMES-332
> It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:
> SELECT SHA("test") in MySQL
> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
> generates what I'd expect, however:
> the remote manager tool sets:
> CY9rzUYh03PK3k6DJie0
> which doesn't even "look" like SHA.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

[jira] Updated: (JAMES-334) SHA hash incompatable with common generation methods

Posted by "Stefano Bagnara (JIRA)" <se...@james.apache.org>.

     [ http://issues.apache.org/jira/browse/JAMES-334?page=all ]

Stefano Bagnara updated JAMES-334:
----------------------------------

    Description: 
This ticket is related to: JAMES-332

It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:

SELECT SHA("test") in MySQL
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

generates what I'd expect, however:

the remote manager tool sets:
CY9rzUYh03PK3k6DJie0

which doesn't even "look" like SHA.

  was:
This ticket is related to: JAMES-332

It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:

SELECT SHA("test") in MySQL
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

generates what I'd expect, however:

the remote manager tool sets:
CY9rzUYh03PK3k6DJie0

which doesn't even "look" like SHA.

       Priority: Minor  (was: Major)

Marked as minor because it currently works and is not blocking. James user db is not designed for interoperability so this is not a Major bug. I don't know wether james SHA or mysql SHA is correct.

> SHA hash incompatable with common generation methods
> ----------------------------------------------------
>
>          Key: JAMES-334
>          URL: http://issues.apache.org/jira/browse/JAMES-334
>      Project: James
>         Type: Bug
>   Components: UsersStore & UsersRepository
>     Versions: 2.2.0
>  Environment: FreeBSD, JDK 1.4.2, MySQL via. C-JDBC
>     Reporter: Brill Pappin
>     Priority: Minor

>
> This ticket is related to: JAMES-332
> It appears the SHA password hash is not compatable with all other methods of generating an SHA hash I've tried. For example:
> SELECT SHA("test") in MySQL
> a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
> generates what I'd expect, however:
> the remote manager tool sets:
> CY9rzUYh03PK3k6DJie0
> which doesn't even "look" like SHA.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org