[389-users] Re: Using PBKDF2_SHA256 Hashes
On Tue, 2018-03-27 at 21:11 -0400, Joe Cooter wrote: > Hi, > > I’m attempting to build an application using the userPassword > attribute, with hashes stored using PBKDF2_SHA256. However, using > the passlib hash library for pbkdf2_sha256 is complaining about a > malformed hash. Looking at the hash, it appears that there aren’t > any delimiters between the salt, iterations, etc. > > Is there some additional encoding happening on the userPassword > attribute? You should use the pwdhash utility from 389-ds-base to generate the hashes for DS. We made a number of decisions about the hash encoding and it's design for portability and security reasons. We write the number of rounds into the hash in a bigendian form so that it's portable. We also store the salt as 64 bytes statically into the hash (NIST recommend 16 bytes last I checked). Additionally, we calculate the number of rounds based on your CPU performance. Because LDAP is often time sensitive to bind, we have a time factor we try to meet (I think it's 40 ms, but I need to check the source code). This way binds are still "fast", but there is a cost factor to an attacker. When you upgrade your CPU, it will run faster of course because you can achieve more rounds in the time window. So the design always improves your protection as you get a faster machine, but without sacrificing performance or opening up to a DoS on a slower machine. Hope that helps, > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Using PBKDF2_SHA256 Hashes
On 03/27/2018 09:11 PM, Joe Cooter wrote:
> Hi,
>
> I’m attempting to build an application using the userPassword attribute, with
> hashes stored using PBKDF2_SHA256. However, using the passlib hash library
> for pbkdf2_sha256 is complaining about a malformed hash. Looking at the
> hash, it appears that there aren’t any delimiters between the salt,
> iterations, etc.
>
> Is there some additional encoding happening on the userPassword attribute?
The server stores the password as follows:
dn: uid=mark,dc=example,dc=com
userpassword::
e1BCS0RGMl9TSEEyNTZ9QUFBSUFFb3A0VVVUUFRjL2E2NStDS3U5cmdFa0RML0V
2NmhIamZaRDlQRXFLSFNraStrYXZYTWx6ZTZzOGsrNnFYT3I3amtjZXFpMUlZR0dndlpyK2hMczVn
cjhSRXNSSVRzSUxZVzlJTnU5RUNWOVQ2ZzhvTUphQTErbDkxZGxNR20yUjVYR0h2UmlqczlmQlk3T
zg0NGYvYk1OR0tqaXJKUHlVKzJwVVhoMzBGaS9GV0I0VW1ia2JOVmg0RGd5c0ZFOHZLOXI4RVN3RV
JJUXdHUkJOVXpuZXBJUVNmNEhUYTBQQU1HaEZjelhjekdTeUY1a3pDWGo2LzBpVWRDRDVydWJGMzc
0TWl3VXVrQmlKaklsRkhheUMwV0N2dWtZNkVmQ1BESFNrRjNGaThlVHNjZGxGSitDcFRSME1pVStP
T1R3Qkt4MGRsMGpUYU8yVzQyVFFCcnY2MUtsUUovV05NQkpMVmRreWRhT3J1L0xJcVhha3hrblZMe
G9kTS96d1dzVmZYempSQjhQRGxZalpyR3lhSjZ1YWlYSStEWXUzYzVvWlcrSUx3YjdEazB3
base64 decoding the password gives us:
{PBKDF2_SHA256}AAAIAEop4UUTPTc/a65+CKu9rgEkDL/Ev6hHjfZD9PEqKHSki+kavXMlze6s8k+6qXOr7jkceqi1IYGGgvZr+hLs5gr8REsRITsILYW9INu9ECV9T6g8oMJaA1+l91dlMGm2R5XGHvRijs9fBY7O844f/bMNGKjirJPyU+2pUXh30Fi/FWB4UmbkbNVh4DgysFE8vK9r8ESwERIQwGRBNUznepIQSf4HTa0PAMGhFczXczGSyF5kzCXj6/0iUdCD5rubF374MiwUukBiJjIlFHayC0WCvukY6EfCPDHSkF3Fi8eTscdlFJ+CpTR0MiU+OOTwBKx0dl0jTaO2W42TQBrv61KlQJ/WNMBJLVdkydaOru/LIqXakxknVLxodM/zwWsVfXzjRB8PDlYjZrGyaJ6uaiXI+DYu3c5oZW+ILwb7Dk0w
In 389 Directory Server it looks at the password encoding prefix:
{ALGO} --> {PBKDF2_SHA256} the rest is the complete password hash
The salt length is 64 and iterations length is 4:
#define PBKDF2_SALT_LENGTH 64
#define PBKDF2_ITERATIONS_LENGTH 4
In pbkdf2_sha256_pw_enc_rounds() in
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
we write the hash like so:
pbkdf2_sha256_hash(hash + PBKDF2_ITERATIONS_LENGTH + PBKDF2_SALT_LENGTH,
...);
So the password hash itself should be everything after an offset of 68
(PBKDF2_ITERATIONS_LENGTH + PBKDF2_SALT_LENGTH).
HTH,
Mark
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
