sambaPasswordHistory LDAP Attrinbute
Jeremy Allison
jra at samba.org
Fri Nov 5 19:06:08 GMT 2004
On Fri, Nov 05, 2004 at 01:58:32PM -0500, Jared Rich wrote:
> i guess i'm not understanding this right...
>
> the first 16 bytes make up the salt (unhashed) and the last 16 bytes make up
> the hash of the salt and the MD4 unicode password?
>
> how is the salt applied?
Here is the algorithm.
Hash = MD4(unicode password).
Salt = 16 bytes random values.
What is stored is :
[Salt][MD5(Salt+Hash)]
Where the + is a concatenation of the two 16 byte
values.
To check is a new password matches a history.
For each entry in the history list, calculate :
MD5(Salt + MD4(unicode new password)) and compare
with the second 16 bytes stored. If it matches, then
so did the new password.
Jeremy.
More information about the samba-technical
mailing list