Bruno Negr�o schrieb:
> Hi all,
>
> I'd like my Directory stored the passwords in the "userpassword"
> attribute using encryption.
>
> How can i generate an encrypted password? I want to store passwords like
> this example:
>
> userPassword: {MD5}X03MO1qnZdYdgyfeuILPmQ==
> Since the "userpassword" attribute requires the encrytion type to be
> descrimitated, "MD5" in the example above, wouldn't it be easy for a
> hacker to decrypt the encrypted string once he could browse the
> directory tree? (i'm sorry, I don't understand nothing about encryption)No, it wouldn't because MD5 (as well as SHA and others) is a one-way encryption, that means it just makes a (almost) unique string out of an input string. There's no way to decrypt that hash back into the input string (if we leave out a brute-force attack, which is always possible).
If you use MD5 passwords, the password will be encrypted once and written to the directory, and when you try to login, the password you try to login with will be encrypted also and the two encrypted MD5-hashes will be compared - if they're equal, your login is correct - without ever using the cleartext password.
> > thanks, > bruno negr�o
