[jira] [Comment Edited] (DIRSTUDIO-1226) Cannot verify PBKDF2_SHA256 passwords

Wed, 22 May 2019 19:42:36 -0700 


    [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16846380#comment-16846380
 ] 

SPChan edited comment on DIRSTUDIO-1226 at 5/23/19 2:41 AM:
------------------------------------------------------------

Possibly this is some non-standard 389-DS format for hashed passwords.

 

Feel free to close if that is the case. The scheme used is with underscore 
{{PBKDF2_SHA256}}, not like the example below which uses {{- (dash)}} in the 
scheme name.

C.f. OpenLDAPs {{PBKDF2-SHA256}}: The stored value in 389-DS is dissimilar to 
OpenLDAP.

[https://serverfault.com/questions/569014/does-openldap-support-pbkdf2-hash-algorithm]

 
{code:java}
userPassword: 
'{PBKDF2-SHA256}10000$LBwTpUPGqxdH$8pDqhAruY94IhhuCZLost471pGImy//wH0pS25LO/YI='{code}
 


was (Author: space88man):
Possibly this is some non-standard 389-DS format for hashed password. Feel free 
to close if that is the case. The scheme used is with underscore 
{{PBKDF2_SHA256}}, not like the example below which uses {{- (dash)}} in the 
scheme name. 

C.f. OpenLDAPs {{PBKDF2-SHA256}}: The stored value in 389-DS is disimilar to 
OpenLDAP.

[https://serverfault.com/questions/569014/does-openldap-support-pbkdf2-hash-algorithm]

 
{code:java}
userPassword: 
'{PBKDF2-SHA256}10000$LBwTpUPGqxdH$8pDqhAruY94IhhuCZLost471pGImy//wH0pS25LO/YI='{code}
 

> Cannot verify PBKDF2_SHA256 passwords
> -------------------------------------
>
>                 Key: DIRSTUDIO-1226
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1226
>             Project: Directory Studio
>          Issue Type: Bug
>            Reporter: SPChan
>            Priority: Major
>             Fix For: 2.0.0-M14
>
>
> For userPassword stored as PBKDF2_SHA256:
> Edit Value -> Verify Password -> (enter password) -> Verify fails.
> Edit Value -> Verify Password -> (enter password) -> Bind works.
>  
> The format of the stored password is from 389-DS:
> {PBKDF2_SHA256}<hashed_data: 324 bytes as base64>
>  
> hashed_data = iteration_count: 4 bytes (integer, network order) , salt: 64 
> bytes, hash: 256 bytes
> generated using PBKDF2 HMAC-SHA256
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to