Re: [ldapext] [ldap] Re: draft-stroeder-hashed-userpassword-values-01
Howard Chu <hyc@highlandsun.com> Thu, 14 March 2013 19:35 UTC
To: Michael Ströder <michael@stroeder.com>, ldapext <ldapext@ietf.org>
Cc: "ldap@umich.edu" <ldap@umich.edu>
Michael Ströder wrote:
> Well, at first I simply wanted to ignore this completely.
> But after Andrew's request I've already changed it for upcoming -02 like this:

I think you need to re-read RFC5234.

>
> userpasswordvalue = cleartext-password / prefix hashed-password
>
> prefix = "{" scheme "}"
> scheme = %x30-39 / %x41-5A / %x61-7a / %x2D-2F / %x5F
>          ;0-9, A-Z, a-z, "-", ".", "/", or "_"

Should be something like

schemechar = %x30-39 / %x41-5A / %x61-7a / %x2D-2F / %x5F
scheme = 1*schemechar

>
> hashed-password = b64-hashandsalt / crypt3-result
>
> b64-hashandsalt = <base64 of hashandsalt>
>
> hashandsalt = password-hash salt
>
> password-hash = <digest of cleartext-password salt>
> cleartext-password = %x00-FF
>
> salt = %x00-FF

Should be something like

octet = %x00-FF
cleartext-password = 1*octet
salt = 0*octet

(Or perhaps you allow zero-length passwords? Don't care much either way.)

md5-hash = 16octet
sha1-hash = 20octet
...

> crypt3-result = <generated by Unix function crypt(3)>
>
> Please review this. Comments about clarity welcome.
>
> Ciao, Michael.
>

-- 
  -- Howard Chu
  CTO, Symas Corp.               http://www.symas.com
  Director, Highland Sun         http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP      http://www.openldap.org/project/
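Reading the corrected grammar back as code: the following is an added Python example, not code from the draft or from anyone in this thread, that parses and verifies values of the {scheme}b64-hashandsalt form, splitting hashandsalt at the fixed digest length (16 octets for MD5, 20 for SHA-1) and treating anything without a well-formed prefix as a cleartext-password. The scheme names MD5/SMD5/SHA/SSHA and which of them carry a salt are my assumptions, not taken from the message.

```python
import base64
import hashlib
import hmac
import re

# prefix = "{" scheme "}" with scheme = 1*schemechar (the corrected rule);
# schemechar is 0-9, A-Z, a-z, "-", ".", "/" or "_". The value is an octet string.
_PREFIX_RE = re.compile(rb"^\{([0-9A-Za-z\-./_]+)\}(.*)$", re.DOTALL)
# (digest function, digest length in octets, salted?) per scheme name;
# md5-hash = 16octet, sha1-hash = 20octet. The scheme names are assumed here.
_SCHEMES = {
    "MD5": (hashlib.md5, 16, False), "SMD5": (hashlib.md5, 16, True),
    "SHA": (hashlib.sha1, 20, False), "SSHA": (hashlib.sha1, 20, True),
}


def parse_userpassword(value: bytes):
    """Return (scheme, password-hash, salt), or None for a cleartext-password."""
    m = _PREFIX_RE.match(value)
    if m is None:
        return None  # no well-formed prefix: the cleartext-password branch
    scheme = m.group(1).decode("ascii").upper()
    if scheme not in _SCHEMES:
        raise ValueError("unsupported scheme %r" % scheme)
    _, digest_len, salted = _SCHEMES[scheme]
    hashandsalt = base64.b64decode(m.group(2), validate=True)
    if len(hashandsalt) < digest_len:
        raise ValueError("hashandsalt shorter than the scheme's digest")
    # hashandsalt = password-hash salt: the fixed digest length is the split point
    password_hash, salt = hashandsalt[:digest_len], hashandsalt[digest_len:]
    if salt and not salted:
        raise ValueError("unsalted scheme must not carry trailing octets")
    return scheme, password_hash, salt


def hash_password(scheme: str, cleartext: bytes, salt: bytes = b"") -> bytes:
    """Build {scheme}b64-hashandsalt with password-hash = digest(cleartext salt)."""
    digest_fn, _, salted = _SCHEMES[scheme]
    if salt and not salted:
        raise ValueError("scheme %s takes no salt" % scheme)
    hashandsalt = digest_fn(cleartext + salt).digest() + salt
    return b"{" + scheme.encode("ascii") + b"}" + base64.b64encode(hashandsalt)


def verify_password(value: bytes, cleartext: bytes) -> bool:
    """Check a candidate cleartext against a stored userPassword value."""
    parsed = parse_userpassword(value)
    if parsed is None:  # stored in the clear: compare the octets directly
        return hmac.compare_digest(value, cleartext)
    scheme, stored_hash, salt = parsed
    computed = _SCHEMES[scheme][0](cleartext + salt).digest()
    return hmac.compare_digest(computed, stored_hash)
```

Because the salt is whatever follows the digest, a verifier never needs to know the salt length in advance; a value whose decoded length is below the digest length is rejected rather than partially matched.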