Tim Lyth wrote:
Sebastiaan van Erk wrote:$ java SSHATest KmNq1UZiKuQkaGSB/iAENtKcsv3zqEd+ encoded: KmNq1UZiKuQkaGSB/iAENtKcsv3zqEd+ password hash: 2a636ad546622ae424686481fe200436d29cb2fd salt: f3a8477eEnter password: aaa password hash: 2a636ad546622ae424686481fe200436d29cb2fd encoded: KmNq1UZiKuQkaGSB/iAENtKcsv3zqEd+ MATCH? true <snip> $ java SSHATest iYX6b3SUba4OJEzOKiTdyV0y8flmYjdmZTllMQ== encoded: iYX6b3SUba4OJEzOKiTdyV0y8flmYjdmZTllMQ== password hash: 8985fa6f74946dae0e244cce2a24ddc95d32f1f9 salt: 6662376665396531 Enter password: aaa password hash: 8985fa6f74946dae0e244cce2a24ddc95d32f1f9 encoded: iYX6b3SUba4OJEzOKiTdyV0y8flmYjdmZTllMQ== MATCH? true <snip>The only thing that I can see that is different between the hash generated by ldappasswd and the hash generated by squirrelmail is the length of the salt. The squirrel mail salt seems to be 8 bytes long, the ldappasswd salt is 4 bytes long.Regards, SebastiaanHow are the different salt lengths identified in the encoded string?If there is a consistent way to identify the different salt lengths then it shouldn't be too hard to patch courier-authldap to figure out the correct salt length and value, should it?Cheers, Tim Lyth
When you base64 decode the hash to a byte array, the first 20 bytes are the the hash. Any remaining bytes are the salt. That's why the salt is at the end: the hash is a known fixed length.
Regards, Sebastiaan
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
