[jira] [Commented] (DIRSTUDIO-738) Modular Crypt Format Salts are incorrectly displayed

Fri, 08 Jan 2016 04:20:51 -0800 

    [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089130#comment-15089130
 ] 

Frank Fischer commented on DIRSTUDIO-738:
-----------------------------------------

Old issue, but I encounter the same problem in all versions up to  2.0.0-M10

The modular crypt format embeds the hashing algorythm used, the salt and the 
hash. 

{code:title=man crypt 3|borderStyle=solid}
            ID     | Method
            ─────────────────────────────────────────────────────────
              1    | MD5
              2a   | Blowfish (not in mainline glibc; added in some Linux 
distributions)
              5    | SHA-256 (since glibc 2.7)
              6    | SHA-512 (since glibc 2.7)
{code}

{code:title=Example|borderStyle=solid}

$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1

        $6$ : SHA-512 is used
   af1ae9db : Salt
Viz...n49.1 : Hash(shortended for clarification)
{code}

If you put now the value from the example into a userPassword field of openLDAP 
like this
{code}{CRYPT}$6$af1ae9db$VizZoRwsguLHJsl4cGT4/mJKrcXVemgIVoEGLhRjIH56bMgxcnNlzeL91B9c/jHVI0jZzDircJgYuYc/Jn49.1{code}
and openldap is running on a linux sytsem having glibc >= 2.7, the the 
authentication works, but DirectoryStudio is not able to verifiy the password, 
nor to display the salt.

Judging from CODEC-133 and reading 
https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/digest/Crypt.html
 parts of the needed functionality is already available in java.


> Modular Crypt Format Salts are incorrectly displayed
> ----------------------------------------------------
>
>                 Key: DIRSTUDIO-738
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-738
>             Project: Directory Studio
>          Issue Type: Bug
>          Components: studio-ldapbrowser
>    Affects Versions: 1.5.3
>         Environment: Ubuntu 11.04, Eclipse Indigo
>            Reporter: Justin Dugger
>            Priority: Minor
>
> CRYPT passwords embed multiple values into a single field, in particular the 
> algorithm and the salt used. This method is known as Modular Crypt Format 
> http://www.tummy.com/journals/entries/jafo_20110117_054918
> When given a userPassword field described using this system, the "show 
> password details" display on the value editor gets the salt wrong and fails 
> to verify.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to