Jan-Frode Myklebust wrote: > On 2009-03-09, Michael Ströder <mich...@stroeder.com> wrote: >>> But, it occurred to me that I'm not fully sure what I'm doing >>> when creating the SSHA1 hash, >> If the password is usable afterwards there's nothing wrong with >> client-side password hashing. The salt should be at least 4 bytes long. > > Still, I'm uncertain how f.ex. character encodings will/should be > handled, so it seems safer to let the directory server handle both the > hashing and verification.
For LDAPv3 you should pass UTF-8 to the python-ldap functions/methods or before hashing the password. (In theory one has to use SASLprep before the UTF-8 encoding but in most cases this is the same). Ciao, Michael. ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
