Re: [lsc-users] Problem sha-1 encryption

Mon, 09 Mar 2020 02:32:52 -0700 

Hello Clément,

Very interesting, thanks very much. I'll have a deeper look at your 
solution :)

I hope it will solve my problem

thanks very much

Best regards

Le 09.03.2020 à 10:28, Clément OUDOT a écrit :
> Le 06/03/2020 à 12:54, Forster Arnaud, Gymnase francais a écrit :
>> Hello all,
>>
>> I've a small problem with the encryption function  
>> SecurityUtils.hash(SecurityUtils.HASH_SHA1,"TestUser1") :
>>
>> When I use dit, the result is not the same than another tool I'm using to 
>> authenticate :
>>
>>
>> For example,  with the above function, the password 'TestUser1' gives me the 
>> result  "suEv6NdDYH+VCIKI0Ej9+kvcco4=? "
>>
>> With my other tool, and the same SHA1  encryption  ,the result is 
>> "b2e12fe8d743607f95088288d048fdfa4bdc728e"
>>
>> So I can't compare them. Maybe I should user another encryption to get the 
>> same result  but which one ?
>>
>>
>> I'm very new in encryption so maybe I wrongly understand what I see...
>>
>> Thanks to all for your help 😊
>
> Hello Arnaud,
>
> looking at source code, it seems that LSC SecurityUtils encodes the
> result in Base64:
>
>
>          /**
>           * Hash a value within a supported hash type.
>           * @param type A valid hash type: SecurityUtils.HASH_MD5,
> SecurityUtils.HASH_SHA1, SecurityUtils.HASH_SHA256 or
> SecurityUtils.HASH_SHA512
>           * @param value A value to hash
>           * @return A valid base64 encoded hash
>           * @throws java.security.NoSuchAlgorithmException
>           */
>          public static String hash(String type, String value) throws
> NoSuchAlgorithmException {
>                  byte data[] = value.getBytes();
>                  byte hash[] = MessageDigest.getInstance(type).digest(data);
>                  return new String(new Base64().encode(hash));
>          }
>
> But on the other hand, I can successfully create SHA passwords in LSC
> from a cleartext password :
>
>
>          <dataset>
>            <name>userPassword</name>
>            <policy>FORCE</policy>
>            <forceValues>
>                  <string><![CDATA[
>                          var octetString =
> srcBean.getDatasetFirstValueById("userPassword");
>                          var str = java.lang.String(octetString);
>                          "{SHA}" +
> SecurityUtils.hash(SecurityUtils.HASH_SHA1, str)
>                          ]]>
>                  </string>
>            </forceValues>
>          </dataset>
>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to