On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote: > > Hi > > This is probably OT but I am not having much luck with google. How > can I create SSHA512 strings? I have been using either a php script > or slappasswd to create SSHA password but not sure how to do SSHA512. > openssl can create the SHA512 digest but I am not sure how to add the > random seed bit. My question probably illuminate my lack of > understanding of the subject. > Why are you pre-hashing passwords? You can set the password storage scheme to SSHA512 in 389 and provide a cleartext userPassword value to the server and it will hash it for you.

> Best Regards > > > ________________________________________________________________________ > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > ________________________________________________________________________ > > > -- > 389 users mailing list > 389-users(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users

Nathan Kinder wrote: > On 09/22/2010 10:45 AM, Gerrard Geldenhuis wrote: >> >> Hi >> >> This is probably OT but I am not having much luck with google. How >> can I create SSHA512 strings? I have been using either a php script >> or slappasswd to create SSHA password but not sure how to do >> SSHA512. openssl can create the SHA512 digest but I am not sure how >> to add the random seed bit. My question probably illuminate my lack >> of understanding of the subject. >> > Why are you pre-hashing passwords? You can set the password storage > scheme to SSHA512 in 389 and provide a cleartext userPassword value > to the server and it will hash it for you. Actually, as a side note I would like to know how the format of {SSHA} and friends compare to the conventional unix $1$seed$hash for MD5, $2$seed$hash etc and so forth. Notably, is it possible to convert a $1$xxxx into a {MD5...} or similar hash.

Where is the Seed in SSHA?

Is it a fixed length?

-Brandon ------------------------------------------------------------------------ -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson wrote: > 389 does support MD5 and Salted (SMD5) hashes, specifically for > migration purposes. What format does $1$xxxx use? > > It has been used in unix for some time now. $1$SEED$HASH is MD5; depending upon what OS you use the number differs in the hash. Years ago I rewrote crypt for FreeBSD to use $3$ for SHA1. I know Redhat is now using $6$ for a form of SHA, I don't know which one. >> Where is the Seed in SSHA? >> >> > At the end. > > >> Is it a fixed length? >> >> > Yes, 8 bytes. > > But note that you cannot convert MD5 to (S)SHA. > Where is the standard that defines what the hash format is for the various {types} ? This is basically to make migration easier, if I could reformat a "$1$seed$hash" into "{SMD5}hashseed"? and stuff it into userPassword, the users have no disruption.

-Brandon -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Hi This is probably OT but I am not having much luck with google. How can I create SSHA512 strings? I have been using either a php script or slappasswd to create SSHA password but not sure how to do SSHA512. openssl can create the SHA512 digest but I am not sure how to add the random seed bit. My question probably illuminate my lack of understanding of the subject. Best Regards ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ ------------------------------------------------------------------------ -- 389 users mailing list 389-users(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users