What Hashing Algorithm OID uses to store user Password : SSHA or MD5

User’s password is stored in attribute userPassword and for security reasons value in password userPassword is hashed using SSHA (Salted Secure Hashing Algorithm) Algorithm . More on SHA here and Salt here

Here are key points related to password in OID

1. User’s Password in OID are stored in attribute userPassword

2. User’s password can be stored either in
a) One-way hashed value (This is more secure)
or
b) Encrypted value

3. Default userPassword hashing algorithm has changed from MD5 (in 10g OID) to SHA (in 11g OID)

4. Hashed algoritm used by OID is stored in attribute orclCryptoScheme in Root entry (Note: By default this attribute is not visible but when you update attribute value using ldapmodify then you can view attribute orclCyyptScheme)

 

 

 

5. To check hashing algorithm used for userPassword attribute, create dump of OID users using

ldifwrite connect=”OIDDB”  basedn=”cn=atul,cn=Users,dc=onlineAppsDBA,dc=com” ldiffile=”atul.ldif”

Check {Algorithm} SSHA for attribute userPassword

________

dn: cn=atul,cn=Users,dc=onlineAppsDBA,dc=com

authpassword;oid: {SASL/MD5}Af40OwzEC+cpEGGhxgEKiA==
authpassword;oid: {SASL/MD5-DN}J7Y7iZLzL9olRbPBQPkPdQ==
orclpassword: {x- orcldbpwd}1.0:DBC33603EF1B2081
orclsamaccountname: atul
pwdchangedtime: 20140219161252z

sn: atul
uid: atul
userpassword: {SSHA}sTrbgp/d46Ay8ipXHSor7f9YYl+CmaLSv2jr6A==

________

6. To change hashing algorithm used for userPassword attribute use ldapmodify as mentioned here

.

Related/References

About the Author Masroof Ahmad

Leave a Comment:

1 comments
Add Your Reply