According to
http://developer.netscape.com/docs/technote/ldap/pass_sha.html and
various other web forums, SSHA is just "Seeded SHA1".  It is computed as
follows:

> In Netscape Directory Server version 4 or later, a userPassword attribute
> value may consist of {SSHA}, followed by the base64 encoding of:
>
> 1) the SHA-1 digest of:
>   1) a password, followed by
>   2) a sequence of "salt" bytes, whose values were chosen at random;
> 2) followed by the same salt bytes.

Although I have not used the nssha1 library you talked about (nor am I
an experienced AOLserver developer), it seems you can just take the
password (a), generate a salt (b), feed the concatenation (a+b) to nssha1
(c), and then use (c)(b) as the result of SSHA encryption with the salt
(b).

Hope this helps...

Thanks,
Steve Miskovitz
[EMAIL PROTECTED]
Internet Developer, CollegePublisher.com

On Thu, 28 Feb 2002, Sean Redmond wrote:

> At 12:03 PM 2/28/2002 -0500, you wrote:
> >I should be more specific -- SHA1 is a hashing algorithm. What exactly are
> >you trying to do with it?
> >
> >/s.
>
> I'm trying to hash passwords to compare them to passwords stored in an LDAP
> directory (and retrieved with ns_ldap). By default (at least, I guess, for
> OpenLDAP) they seem to be stored in SSHA.
>
> Sean
>
>
> Sean Redmond
> Brooklyn Museum of Art
>
