[AOLSERVER] nssha1 and SSHA
There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I need a way to do SSHA encryption Any implementations/ideas? Thanks, Sean Redmond Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] nssha1 and SSHA
I should be more specific -- SHA1 is a hashing algorithm What exactly are you trying to do with it? /s Sean, do you mean you need to do SHA1 encryption over the net? AFAIK, the nssha module encrypts data but not for SSL Is it the SSL capability you're looking for? /s There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I need a way to do SSHA encryption Any implementations/ideas? Thanks, Sean Redmond Sean Redmond Brooklyn Museum of Art
Re: [AOLSERVER] nssha1 and SSHA
On 2/28/02 11:55 AM, Sean Redmond [EMAIL PROTECTED] wrote: There is a module to do SHA1 encryption (nssha1) from Ars Digita, but I need a way to do SSHA encryption. Any implementations/ideas? From the description on this page: http://www.openldap.org/faq/data/cache/347.html It looks like you generate an SSHA hash by appending the seed to the cleartext before generating the hash. Since I haven't used nssha1, I don't know that I can be more helpful. (SHA1 and SSHA are hashing algorithms, rather than encryption algorithms.)
Re: [AOLSERVER] nssha1 and SSHA
According to http://developer.netscape.com/docs/technote/ldap/pass_sha.html and various other web forums, SSHA is just Seeded SHA1. It is computed as follows : In Netscape Directory Server version 4 or later, a userPassword attribute value may consist of {SSHA}, followed by the base64 encoding of: 1) the SHA-1 digest of: 1) a password, followed by 2) a sequence of salt bytes, whose values were chosen at random; 2) followed by the same salt bytes. Although I have not used the nssha1 library you talked about (nor being an experienced aolserver developer), it seems you can just take the password (a), generate a salt (b), feed the concatenation (a+b) to nssha1 (c), and then use (c)(b) as the result of SSHA encryption with the salt (b). Hope this helps... Thanks, Steve Miskovitz [EMAIL PROTECTED] Internet Developer, CollegePublisher.com On Thu, 28 Feb 2002, Sean Redmond wrote: At 12:03 PM 2/28/2002 -0500, you wrote: I should be more specific -- SHA1 is a hashing algorithm. What exactly are you trying to do with it? /s. I'm trying to hash passwords to compare them to passwords stored in an LDAP directory (and retrieved with ns_ldap). By default (at least, I guess, for OpenLDAP) they seem to be stored in SSHA. Sean Sean Redmond Brooklyn Museum of Art