A user's password is stored in the userPassword attribute and, for security reasons, the value of userPassword is hashed using the SSHA (Salted Secure Hashing Algorithm) algorithm. More on SHA here and salt here.
Here are the key points related to passwords in OID:
1. Users' passwords in OID are stored in the attribute userPassword.
2. A user's password can be stored as either
a) a one-way hashed value (this is more secure)
or
b) an encrypted value
3. The default userPassword hashing algorithm changed from MD5 (in 10g OID) to SHA (in 11g OID).
4. The hashing algorithm used by OID is stored in the attribute orclCryptoScheme in the root entry (Note: by default this attribute is not visible, but once you update the attribute value using ldapmodify you can view the attribute orclCryptoScheme).
5. To check the hashing algorithm used for the userPassword attribute, create a dump of OID users using
ldifwrite connect="OIDDB" basedn="cn=atul,cn=Users,dc=onlineAppsDBA,dc=com" ldiffile="atul.ldif"
Then check the {Algorithm} prefix (here SSHA) on the userPassword attribute:
________
dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com
authpassword;oid: {SASL/MD5}Af40OwzEC+cpEGGhxgEKiA==
authpassword;oid: {SASL/MD5-DN}J7Y7iZLzL9olRbPBQPkPdQ==
orclpassword: {x- orcldbpwd}1.0:DBC33603EF1B2081
orclsamaccountname: atul
pwdchangedtime: 20140219161252z
sn: atul
uid: atul
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==
________
6. To change the hashing algorithm used for the userPassword attribute, use ldapmodify as mentioned here.
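As an added example (not from the original post or from Oracle), this Python script reads the userpassword line from an ldifwrite dump like the one above and reports the scheme and salt size, so entries that are not salted can be found. It assumes the common LDAP SSHA layout, base64(SHA-1(password + salt) + salt); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

SHA1_LEN = 20  # SHA-1 digest size in bytes; any bytes after it are the salt

def parse_userpassword(value):
    """Split '{SCHEME}base64' into (scheme, digest, salt)."""
    m = re.match(r"^\{([^}]+)\}(.*)$", value.strip())
    if not m:
        return ("NONE", b"", b"")  # no scheme prefix at all
    scheme, blob = m.group(1).upper(), m.group(2)
    if scheme != "SSHA":
        return (scheme, b"", b"")  # other schemes are reported, not decoded
    raw = base64.b64decode(blob)
    return (scheme, raw[:SHA1_LEN], raw[SHA1_LEN:])

def audit_ldif(text):
    """Report scheme and salt size for every userpassword value in an LDIF dump."""
    findings, dn = [], None
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "userpassword" and sep:
            if value.startswith(":"):  # 'attr:: ...' means a base64-wrapped value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            scheme, _, salt = parse_userpassword(value)
            findings.append({"dn": dn, "scheme": scheme,
                             "salt_bits": len(salt) * 8, "needs_review": scheme != "SSHA"})
    return findings

def make_ssha(password, salt):  # builds constructed test data only
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(value, candidate):
    """Recompute SHA-1(candidate + salt) and compare in constant time."""
    scheme, digest, salt = parse_userpassword(value)
    if scheme != "SSHA":
        raise ValueError("not an SSHA value")
    return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), digest)

# Entry from the dump on this page, trimmed to the two relevant attributes.
PAGE_LDIF = """dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==
"""
print(audit_ldif(PAGE_LDIF))
```

Under that layout, the value in the dump above decodes to 28 bytes: a 20-byte SHA-1 digest followed by an 8-byte (64-bit) salt.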
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.
1 comment
What is the default salt length for SSHA, and how do we configure that length to 128 bits?