Hi all,

With FDS, I created the user red (password red) and this is the LDIF code that I exported from FDS:

dn: uid=red,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
uid: red
givenName: red
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: red
cn: red red
userPassword: {MD5}valkOsZgFyKijyOHFCdNpA==
creatorsName: cn=root
modifiersName: cn=root
createTimestamp: 20080326114136Z
modifyTimestamp: 20080326114136Z
nsUniqueId: 73d76881-fb2911dc-8017dffc-71a7a144

But if I create, with the MD5sum utility, the MD5(red), I got 1098e2cb1442f45f8ca2e74e1cd24bd0. Why? Isn't it the same algorithm? In FDS I must have the same value as the MD5sum utility. How can I do this?

Thanks
luigi
If I'm not wrong, this is because these encryption algorithms use an "initialization vector (IV)". It's a chain used to start the encryption process and allows identical texts to result in different ciphered text.
From: Luigi Santangelo <santangelo.luigi@tiscali.it>
Sent by: fedora-directory-users-bounces@redhat.com
Date: 26/03/2008 07:48 a.m.
To: fedora-directory-users@redhat.com
Subject: [Fedora-directory-users] encryption userPassword
Classification: Internal Use
Please reply to: Luigi Santangelo <santangelo.luigi@tiscali.it>; "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Ivan Ferreira wrote:
If I'm not wrong, this is because these encryption algorithms use an "initialization vector (IV)".
An IV for MD5? I seriously doubt that. Note that MD5 is not reversible encryption. It's a hash algorithm (one-way encryption). Maybe you're talking about adding a salt? But this would be password scheme {SMD5} not {MD5}.
BTW: {SSHA} should be preferred!
To make things more clear here are good explanations which also apply to FDS: http://www.openldap.org/faq/data/cache/419.html
Ciao, Michael.
An IV for MD5? I seriously doubt that.
Using Google I found:
The initialization vector is the value to which the MD5 internal variables are initially set before beginning the hashing process.
From: Michael Ströder <michael@stroeder.com>
Sent by: fedora-directory-users-bounces@redhat.com
Date: 26/03/2008 09:27 a.m.
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
Subject: Re: [Fedora-directory-users] encryption userPassword
Classification: Internal Use
Please reply to: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
Ivan Ferreira wrote:
An IV for MD5? I seriously doubt that.
Using Google I found:
The initialization vector is the value to which the MD5 internal variables are initially set before beginning the hashing process.
Yes, but you won't have to deal with that when generating values for attribute 'userPassword' based on password scheme {MD5} with the help of some MD5 module for your favourite programming language or the md5sum tool. So my answer might have been imprecise regarding crypto science but was meant as practical help for the original poster.
Ciao, Michael.
Luigi Santangelo wrote:
userPassword: {MD5}valkOsZgFyKijyOHFCdNpA== [..] But if I create, with the MD5sum utility, the MD5(red), I got 1098e2cb1442f45f8ca2e74e1cd24bd0
If everything's correct it should be the same binary MD5 value but differently encoded to be ASCII-clean. The value for userPassword is base64-encoded after the password scheme identifier (here {MD5}). The command-line tool md5sum generates hex-byte encoding. Note that I didn't check whether the values you provided above are actually the same binary MD5 value. Take care of possible line-breaks or other white-space chars when using md5sum.
You should probably consider using a decent scripting language instead of command-line tools to generate values for userPassword though.
See also (yes, it also applies to FDS): http://www.openldap.org/faq/data/cache/419.html
Ciao, Michael.
On Wed, Mar 26, 2008 at 12:48:58PM +0100, Luigi Santangelo wrote:
With FDS, I created the user red (password red) and this is the code LDIF that I exported from FDS:
[snip]
userPassword: {MD5}valkOsZgFyKijyOHFCdNpA==
[snip]
But if I create, with the MD5sum utility, the MD5(red), I got 1098e2cb1442f45f8ca2e74e1cd24bd0. Why? Isn't it the same algorithm? In FDS I must have the same value as the MD5sum utility. How can I do this?
Nothing's wrong. The text "valkOsZgFyKijyOHFCdNpA==" is a base64-encoded version of these bytes [1]: bd a9 64 3a c6 60 17 22 a2 8f 23 87 14 27 4d a4
You seem to have given the md5sum utility the text "red\n", which gives me 1098e2cb1442f45f8ca2e74e1cd24bd0. The md5sum of the text "red" is actually bda9643ac6601722a28f238714274da4, which is what the directory server stored.
Just a guess, but if you're using echo and piping the text through "md5sum" on the command line to do the calculation, be sure you run echo with the "-n" flag so that it doesn't append a newline to the output. Then the results will match.
HTH,
Nalin
[1] "echo valkOsZgFyKijyOHFCdNpA== | openssl base64 -d | od -t x1"
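The comparison worked out in this thread, as an added example that is not part of any poster's message: it re-encodes the stored {MD5} value as hex, tests whether a trailing newline explains the md5sum output, and builds a salted {SSHA} value of the kind recommended above. The function names and the 8-byte salt length are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

STORED = "{MD5}valkOsZgFyKijyOHFCdNpA=="          # userPassword value from the thread
MD5SUM_OUT = "1098e2cb1442f45f8ca2e74e1cd24bd0"   # md5sum output quoted in the thread

def ldap_md5(password: str) -> str:
    """{MD5} scheme: base64 of the raw 16-byte digest, no salt."""
    raw = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(raw).decode("ascii")

def stored_to_hex(user_password: str) -> str:
    """Re-encode '{MD5}<base64>' as the hex string md5sum would print."""
    scheme, _, b64 = user_password.partition("}")
    if scheme.upper() != "{MD5":
        raise ValueError("not an {MD5} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 16:
        raise ValueError("an MD5 digest is 16 bytes")
    return raw.hex()

def explain(user_password: str, md5sum_hex: str, password: str) -> str:
    """Classify why md5sum output does or does not match the stored value."""
    got = md5sum_hex.strip().lower()
    if hmac.compare_digest(stored_to_hex(user_password), got):
        return "same digest, different encoding"
    with_newline = hashlib.md5((password + "\n").encode("utf-8")).hexdigest()
    if hmac.compare_digest(with_newline, got):
        return "md5sum input had a trailing newline"
    return "different input"

def ldap_ssha(password: str, salt: bytes = b"") -> str:
    """{SSHA} scheme: base64(SHA-1(password + salt) + salt); salt length is an assumption."""
    salt = salt or os.urandom(8)
    raw = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(raw + salt).decode("ascii")

def check_ssha(user_password: str, candidate: str) -> bool:
    """Verify a candidate password against a '{SSHA}<base64>' value."""
    raw = base64.b64decode(user_password[len("{SSHA}"):], validate=True)
    digest, salt = raw[:20], raw[20:]
    again = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, again)

if __name__ == "__main__":
    print(stored_to_hex(STORED), "|", explain(STORED, MD5SUM_OUT, "red"))
    print(ldap_ssha("red"))  # differs on every run because of the salt
```

Because {MD5} is unsalted, every account with the same password stores the same value, which is why the salted scheme yields a different string on each call and has to be verified by re-hashing with the stored salt.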
389-users@lists.fedoraproject.org