Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-1451

Match non-default salt sizes in SMD5 passwords


    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.1
    • Fix Version/s: 3.0.0, 2.8.0
    • Component/s: core server
    • Labels:
    • Support Ticket IDs:


      The customer wishes to import MD5 passwords with 12 byte salts from a legacy database, so that users can authenticate to OpenDJ and then be migrated automatically to a different storage scheme such as Salted SHA-1.

      This doesn't work out of the box because our storage schemes assume each hash (which is of fixed size for each algorithm) is followed by a fixed size salt, and in the Salted MD5 case the salt must be 8 bytes. Rebuilding the Salted MD5 storage scheme with 12 byte salts correctly matches this customer's passwords.

      Instead, each scheme could compute the actual size of the salt used in a stored password using knowledge of the digest size, and transparently work with these passwords.

      In conjunction with this, it might be useful to add support for custom salt sizes when creating new passwords.




            • Assignee:
              cjr Chris Ridd
              cjr Chris Ridd
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: