I'm attempting to add my own hash that will handle SQL Server 2006
pwdencrypt() passwords, after having converted them into Shiro format, to
support legacy passwords.

I'm able to do the following in SQL Server:

DECLARE @password varchar(max)
SET @password = 'bl@h'

DECLARE @hash varbinary(max)
DECLARE @salt varbinary(max)
DECLARE @pwhash varbinary(max)

SET @hash = pwdencrypt(@password)
SET @salt = CONVERT(VARBINARY(max), SUBSTRING(CONVERT(NVARCHAR(MAX),
@hash),2, 2))
SET @pwhash = CONVERT(VARBINARY(max), SUBSTRING(CONVERT(NVARCHAR(MAX),
@hash), 4, 10))

SELECT
@hash as originalHash, @salt as saltPart, @pwhash as hashPart,
hashBytes('SHA1',@password + CONVERT(NVARCHAR(max), @salt)) as rehashed,

'$shiro1$SQLServer$1$' +
cast(N'' as xml).value('xs:base64Binary(sql:variable("@salt"))',
'nvarchar(max)') +
'$' +
cast(N'' as xml).value('xs:base64Binary(sql:variable("@pwhash"))',
'nvarchar(max)') as shiroFormat

In the resulting select statement, hashPart and rehashed are the same, and
the shiroFormat field looks correct. Here's an example:

original value = 0x0100F1860398160948C324454B760193CC99D5ADF8F5BE9FF352
salt = 0xF1860398
hash = 0x160948C324454B760193CC99D5ADF8F5BE9FF352
rehash = 0x160948C324454B760193CC99D5ADF8F5BE9FF352
shiro Format = $shiro1$SQLServer$1$8YYDmA==$FglIwyRFS3YBk8yZ1a349b6f81I=

Unfortunately, when attempting to generate the hash on the server side, I
don't ever get a match.

private byte[] hash(byte[] source, byte[] salt, int hashIterations) {
   try {
      MessageDigest digester = MessageDigest.getInstance("SHA-1","SUN");
      digester.update(source);
      digester.update(salt);
      byte[] data = digester.digest();
      log.info("Hashed: " + ByteSource.Util.bytes(data).toBase64());
      return data;
   }
   catch (Exception e) {
      log.error("ERROR",e);
      throw new RuntimeException(e);
   }
}

I'm probably missing something simple - it probably has to do with UTF-16
encoding on the nvarchar. Any ideas would be appreciated.

Thanks!
Mark Andrachek
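
An added example, not part of the original post: a Java check for the 0x0100 pwdencrypt layout shown in the sample value, assuming the password must be hashed as UTF-16LE bytes to match the NVARCHAR concatenation in the T-SQL above. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Added example, not code from the original post; class and method names are hypothetical.
public class PwdEncryptLegacy {
    // Layout as in the post's sample value: 0x0100 header, 4-byte salt, 20-byte SHA-1.
    static final int HEADER = 2, SALT = 4, DIGEST = 20;

    static byte[] fromHex(String hex) {
        String h = hex.startsWith("0x") ? hex.substring(2) : hex;
        byte[] out = new byte[h.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(h.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // SHA-1 over the password bytes followed by the raw salt bytes.
    // Assumption: NVARCHAR data is UTF-16LE; UTF-8 bytes of the same password hash differently.
    static byte[] digest(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password.getBytes(StandardCharsets.UTF_16LE));
        md.update(salt);
        return md.digest();
    }

    static boolean verify(String password, byte[] blob) throws Exception {
        if (blob.length != HEADER + SALT + DIGEST || blob[0] != 0x01 || blob[1] != 0x00)
            return false; // truncated value or unknown header
        byte[] salt = Arrays.copyOfRange(blob, HEADER, HEADER + SALT);
        byte[] stored = Arrays.copyOfRange(blob, HEADER + SALT, blob.length);
        return MessageDigest.isEqual(stored, digest(password, salt)); // constant-time compare
    }

    // Same string layout as the shiroFormat column built in the T-SQL.
    static String toShiroFormat(byte[] blob) {
        Base64.Encoder b64 = Base64.getEncoder();
        return "$shiro1$SQLServer$1$"
            + b64.encodeToString(Arrays.copyOfRange(blob, HEADER, HEADER + SALT)) + "$"
            + b64.encodeToString(Arrays.copyOfRange(blob, HEADER + SALT, blob.length));
    }

    public static void main(String[] args) throws Exception {
        // Sample value quoted in the post; the post does not say which password produced it.
        byte[] blob = fromHex("0x0100F1860398160948C324454B760193CC99D5ADF8F5BE9FF352");
        System.out.println(toShiroFormat(blob));
        System.out.println("bl@h verifies: " + verify("bl@h", blob));
    }
}
```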
