[Tickets #2863] Corrected handling of {SSHA} and {SMD5} salt
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Oct 26 05:51:56 PDT 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2863
-----------------------------------------------------------------------
Ticket | 2863
Updated By | ulrich-horde at topfen.net
Summary | Corrected handling of {SSHA} and {SMD5} salt
Queue | Horde Framework Packages
Version | FRAMEWORK_3
State | Feedback
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
ulrich-horde at topfen.net (2005-10-26 05:51) wrote:
>> +) The format for both schemes is (in pseudo-code)
>> base64_encode(hash(password . salt) . salt). getSalt() did return the
>> the still encoded value when $seed was set, and a raw value when
>> generating a new one.
>
> But this is only true for LDAP servers storing the hashes in the
> tree, right? Auth is not only for LDAP servers.
I must admit that I do not know any other applications that use SSHA or
SMD5, so I can't really comment on that. I simply thought that other
applications will store the password in the same format.
More information about the bugs
mailing list