4

When I use the ldapsearch command, I see that my password (which is 'abc123') is encrypted in OpenLDAP:

userPassword:: e1NTSEF9THk4YmtNTUxHV09sOEYvdUdKRE1McFR6eTU2OWNQRVo=

I tried to encode my password on http://www.onlinehashcrack.com/hash-calculator.php but cannot find a matching method.

Could you show me what the encryption method is here, or how to find it in the OpenLDAP configuration?

Thanks,

Viet

tivalat
  • 43

1 Answer

5

The "=" on the end suggests that the password is base64 encoded. Once the base64 is decoded you will see:

{SSHA}Ly8bkMMLGWOl8F/uGJDMLpTzy569cPEZ

This means your password is stored as a SHA1 with salt. The actual hash is encoded in base64 again after {SSHA}.

See http://www.openldap.org/faq/data/cache/347.html for details about generating a new salted SHA1.

  • 9
    Actually the two colons in userPassword:: indicate that the attribute value is base64 encoded, not the =. A base64 encoded string doesn't necessarily contain a = at the end (or anywhere). – daff Oct 10 '12 at 12:40
  • good point @daff, I didn't know that :) It only suggested to me that it was base64 encoded :) – Alastair McCormack Oct 10 '12 at 12:44
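The decoding described in the answer, carried through to a password check, as an added example that is not part of the original posts. It assumes the standard SSHA layout (SHA-1 of password followed by salt, stored as digest then salt); the function names and the round-trip salt are this example's own.

```python
import base64
import hashlib
import hmac

# Value copied from the question's ldapsearch output (after "userPassword:: ").
LDIF_VALUE = "e1NTSEF9THk4YmtNTUxHV09sOEYvdUdKRE1McFR6eTU2OWNQRVo="
SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def decode_ldif(value_b64):
    """Undo the LDIF '::' base64 layer, giving the stored '{SCHEME}...' string."""
    return base64.b64decode(value_b64, validate=True).decode("ascii")


def parse_ssha(value_b64):
    """Split an LDIF-encoded {SSHA} value into (digest, salt)."""
    stored = decode_ldif(value_b64)
    scheme, sep, inner_b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value: %r" % stored[:10])
    blob = base64.b64decode(inner_b64, validate=True)
    if len(blob) <= SHA1_LEN:
        raise ValueError("blob too short to carry a salt")
    # The first 20 bytes are the SHA-1 digest, the remainder is the salt.
    return blob[:SHA1_LEN], blob[SHA1_LEN:]


def verify_ssha(password, value_b64):
    """Recompute SHA1(password + salt) and compare in constant time."""
    digest, salt = parse_ssha(value_b64)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def make_ssha(password, salt):
    """Build an LDIF-encoded {SSHA} value (used here for a round-trip check)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    inner = base64.b64encode(digest + salt).decode("ascii")
    return base64.b64encode(("{SSHA}" + inner).encode("ascii")).decode("ascii")


if __name__ == "__main__":
    digest, salt = parse_ssha(LDIF_VALUE)
    print("stored value:", decode_ldif(LDIF_VALUE))
    print("digest (hex):", digest.hex())
    print("salt   (hex):", salt.hex())
    print("matches 'abc123':", verify_ssha("abc123", LDIF_VALUE))
```

Because the salt is appended to the password before hashing, a calculator that hashes only the password cannot reproduce the stored value.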