[AOLSERVER] nssha1 and SSHA

2002-02-28 Thread Sean Redmond 

There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I
need a way to do SSHA encryption Any implementations/ideas?

Thanks,
Sean Redmond


Sean Redmond
Brooklyn Museum of Art

Re: [AOLSERVER] nssha1 and SSHA

2002-02-28 Thread Scott Goodwin 

I should be more specific -- SHA1 is a hashing algorithm What exactly are
you trying to do with it?

/s

 Sean,

 do you mean you need to do SHA1 encryption over the net? AFAIK, the nssha
 module encrypts data but not for SSL Is it the SSL capability you're
 looking for?

 /s

  There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I
  need a way to do SSHA encryption Any implementations/ideas?
 
  Thanks,
  Sean Redmond
 
 
  Sean Redmond
  Brooklyn Museum of Art

Re: [AOLSERVER] nssha1 and SSHA

2002-02-28 Thread Peter M. Jansson 

On 2/28/02 11:55 AM, Sean Redmond [EMAIL PROTECTED] wrote:

 There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I
 need a way to do SSHA encryption. Any implementations/ideas?

From the description on this page:

  http://www.openldap.org/faq/data/cache/347.html

It looks like you generate an SSHA hash by appending the seed to the
cleartext before generating the hash.  Since I haven't used nssha1, I don't
know that I can be more helpful.

(SHA1 and SSHA are hashing algorithms, rather than encryption algorithms.)

Re: [AOLSERVER] nssha1 and SSHA

2002-02-28 Thread Steve Miskovitz 

According to
http://developer.netscape.com/docs/technote/ldap/pass_sha.html and
various other web forums, SSHA is just Seeded SHA1.  It is computed as
follows :

 In Netscape Directory Server version 4 or later, a userPassword attribute
 value may consist of {SSHA}, followed by the base64 encoding of:

 1) the SHA-1 digest of:
   1) a password, followed by
   2) a sequence of salt bytes, whose values were chosen at random;
 2) followed by the same salt bytes.

Although I have not used the nssha1 library you talked about (nor being
an experienced aolserver developer), it seems you can just take the
password (a), generate a salt (b), feed the concatenation (a+b) to nssha1
(c), and then use (c)(b) as the result of SSHA encryption with the salt
(b).

Hope this helps...

Thanks,
Steve Miskovitz
[EMAIL PROTECTED]
Internet Developer, CollegePublisher.com

On Thu, 28 Feb 2002, Sean Redmond wrote:

 At 12:03 PM 2/28/2002 -0500, you wrote:
 I should be more specific -- SHA1 is a hashing algorithm. What exactly are
 you trying to do with it?
 
 /s.

 I'm trying to hash passwords to compare them to passwords stored in an LDAP
 directory (and retrieved with ns_ldap). By default (at least, I guess, for
 OpenLDAP) they seem to be stored in SSHA.

 Sean


 Sean Redmond
 Brooklyn Museum of Art