Hi all,
With FDS, I created the user red (password red) and this is the code
LDIF that I exported from FDS:
dn: uid=red,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
uid: red
givenName: red
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: red
cn: red red
userPassword: {MD5}valkOsZgFyKijyOHFCdNpA==
creatorsName: cn=root
modifiersName: cn=root
createTimestamp: 20080326114136Z
modifyTimestamp: 20080326114136Z
nsUniqueId: 73d76881-fb2911dc-8017dffc-71a7a144
But if I create, with the MD5sum utility, the MD5(red), I got
1098e2cb1442f45f8ca2e74e1cd24bd0
Why? It isn't the same algorithm? In the FDS I must have the same
value as the MD5sum utility. How can I do this?
Thanks
luigi
If I'm not wrong, this is because these encryption algorithms use an
"initialization vector (IV)". It's a chain used to start the
encryption process and allows identical texts to result in different
ciphered text.
Michael Ströder
2008-Mar-26 13:27 UTC
Re: [Fedora-directory-users] encryption userPassword
Ivan Ferreira wrote:
> If I'm not wrong, this is because these encryption algorithms use an
> "initialization vector (IV)".

An IV for MD5? I seriously doubt that.

Note that MD5 is not reversible encryption. It's a hash algorithm (one-way encryption). Maybe you're talking about adding a salt? But this would be password scheme {SMD5} not {MD5}.

BTW: {SSHA} should be preferred!

To make things more clear here are good explanations which also apply to FDS:
http://www.openldap.org/faq/data/cache/419.html

Ciao, Michael.
Michael Ströder
2008-Mar-26 13:40 UTC
Re: [Fedora-directory-users] encryption userPassword
Luigi Santangelo wrote:
> userPassword: {MD5}valkOsZgFyKijyOHFCdNpA==
> [..]
> But if I create, with the MD5sum utility, the MD5(red), I got
> 1098e2cb1442f45f8ca2e74e1cd24bd0

If everything's correct it should be the same binary MD5 value but differently encoded to be ASCII-clean.

The value for userPassword is base64-encoded after the password scheme identifier (here {MD5}). The command-line tool md5sum generates hex-byte encoding.

Note that I didn't check whether the values you provided above are actually the same binary MD5 value. Take care of possible line-breaks or other white-space chars when using md5sum.

You should probably consider using a decent scripting language instead of command-line tools to generate values for userPassword though.

See also (yes, it also applies to FDS):
http://www.openldap.org/faq/data/cache/419.html

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com
Nalin Dahyabhai
2008-Mar-26 15:15 UTC
Re: [Fedora-directory-users] encryption userPassword
On Wed, Mar 26, 2008 at 12:48:58PM +0100, Luigi Santangelo wrote:
> With FDS, I created the user red (password red) and this is the code
> LDIF that I exported from FDS:
[snip]
> userPassword: {MD5}valkOsZgFyKijyOHFCdNpA==
[snip]
> But if I create, with the MD5sum utility, the MD5(red), I got
> 1098e2cb1442f45f8ca2e74e1cd24bd0
> Why? It isn't the same algorithm? In the FDS I must have the same
> value as the MD5sum utility. How can I do this?

Nothing's wrong. The text "valkOsZgFyKijyOHFCdNpA==" is a base64-encoded version of these bytes [1]:

bd a9 64 3a c6 60 17 22 a2 8f 23 87 14 27 4d a4

You seem to have given the md5sum utility the text "red\n", which gives me 1098e2cb1442f45f8ca2e74e1cd24bd0. The md5sum of the text "red" is actually bda9643ac6601722a28f238714274da4, which is what the directory server stored.

Just a guess, but if you're using echo and piping the text through "md5sum" on the command line to do the calculation, be sure you run echo with the "-n" flag so that it doesn't append a newline to the output. Then the results will match.

HTH,
Nalin

[1] "echo valkOsZgFyKijyOHFCdNpA== | openssl base64 -d | od -t x1"
>>> An IV for MD5? I seriously doubt that.

Using Google I found:

The initialization vector is the value to which the MD5 internal variables are initially set before beginning the hashing process.
Michael Ströder
2008-Mar-29 00:45 UTC
Re: [Fedora-directory-users] encryption userPassword
Ivan Ferreira wrote:
>>>> An IV for MD5? I seriously doubt that.
>
> Using Google I found:
>
> The initialization vector is the value to which the MD5 internal variables
> are initially set before beginning the hashing process.

Yes, but you won't have to deal with that when generating values for attribute 'userPassword' based on password scheme {MD5} with the help of some MD5 module for your favourite programming language or the md5sum tool.

So my answer might have been imprecise regarding crypto science but was meant as practical help for the original poster.

Ciao, Michael.
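
The comparison worked through in this thread, as an added example that is not part of any poster's message and is not FDS code: it decodes a userPassword value into the hex notation md5sum prints, checks candidate passwords byte for byte (so a trailing newline shows up as a mismatch), and generates values for the schemes named above. The function names are hypothetical, and the salted layout digest(password + salt) + salt for {SMD5}/{SSHA} is assumed from the common convention rather than taken from the thread.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hash constructor, digest size in bytes, salted?)
SCHEMES = {
    "MD5": (hashlib.md5, 16, False),
    "SMD5": (hashlib.md5, 16, True),
    "SHA": (hashlib.sha1, 20, False),
    "SSHA": (hashlib.sha1, 20, True),
}

def parse_userpassword(value):
    """Split '{SCHEME}base64' into (scheme, digest bytes, salt bytes)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {scheme} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    _, size, salted = SCHEMES[scheme]
    # validate=True rejects truncated padding or stray characters
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < size or (not salted and len(raw) != size):
        raise ValueError("unexpected digest length for " + scheme)
    return scheme, raw[:size], raw[size:]

def stored_digest_hex(value):
    """Stored digest in hex, the notation md5sum and sha1sum print."""
    return parse_userpassword(value)[1].hex()

def check_password(value, password):
    """True if password (exact bytes, no implicit newline) matches value."""
    scheme, digest, salt = parse_userpassword(value)
    candidate = SCHEMES[scheme][0](password + salt).digest()
    return hmac.compare_digest(candidate, digest)

def make_userpassword(scheme, password, salt=None):
    """Build a userPassword value; salted schemes get a random 8-byte salt."""
    algo, _, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)
    blob = algo(password + salt).digest() + salt
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode("ascii"))
```

Passwords are passed as bytes, so `b"red"` and `b"red\n"` are distinct inputs, which is the difference between `echo -n red | md5sum` and `echo red | md5sum`.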