Open RomanEmelyanov opened 6 years ago
SHA is a hash and can not be reversed. If you want to just validate, take the salt from erpassword, prefix your password with it and run SHA256. Also check out https://github.com/alexivkin/ISIM-Crypto-Seer
Just for demo:
1. Some user has the ITIM password "Nokia1100".
2. His record in LDAP: "erpassword: SHA-256:bmQ3OTY1ZWx5bDRm:PePXdPDUta5KoHTAPcccR3H3Gczik4UML76RjMt8+z4="
3. After decoding the base64 I've got:
   Hash: 3de3d774f0d4b5ae4aa074c03dc71c4771f719cce293850c2fbe918ccb7cfb3e
   Salt: nd7965elyl4f
4. Any combination of sha256(salt:pass) or sha256(pass:salt) does NOT give me a valid hash.
Any ideas?
Do you know how to process the SHA-256 hash in ISIM?
Inside LDAP the format is: erpassword: SHA-256:{salt}:{hash}
In IBM docs I found "A random salt value is added to the data before it is hashed." https://www.ibm.com/support/knowledgecenter/SSRMWJ_7.0.0/com.ibm.isim.doc_7.0/reference/ref/ref_ic_enroleprops_pwdencrypt.htm
but can NOT validate password.
Do I need to decrypt hash/salt first?
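Added example, not part of this thread and not code from ISIM or ISIM-Crypto-Seer: a Python check that parses the SHA-256:{salt}:{hash} value and reports which of the salt/password orderings discussed above reproduce the stored digest for a password you already know. The candidate list, the two text encodings and all function names are assumptions made for this example; it does not assert which construction ISIM actually uses.

```python
import base64
import hashlib
import hmac

def parse_erpassword(value):
    """Split 'SHA-256:{salt}:{hash}' into (salt_text, salt_decoded, digest)."""
    scheme, salt_b64, hash_b64 = value.strip().split(":", 2)
    if scheme != "SHA-256":
        raise ValueError("unexpected scheme: " + scheme)
    digest = base64.b64decode(hash_b64, validate=True)
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError("hash field is not a 32-byte SHA-256 digest")
    return salt_b64.encode("ascii"), base64.b64decode(salt_b64, validate=True), digest

def candidate_inputs(salt, password):
    """Assumed candidates: the orderings and ':' separators tried in the thread."""
    return {
        "salt+password": salt + password,
        "password+salt": password + salt,
        "salt:password": salt + b":" + password,
        "password:salt": password + b":" + salt,
    }

def matching_constructions(erpassword, password, encodings=("utf-8", "utf-16-le")):
    """Return a label for every candidate whose SHA-256 equals the stored digest."""
    salt_text, salt_raw, digest = parse_erpassword(erpassword)
    hits = []
    for enc in encodings:
        pw = password.encode(enc)
        # Try the salt both base64-decoded and as the literal text stored in LDAP.
        for salt_label, salt in (("decoded", salt_raw), ("base64-text", salt_text)):
            for name, data in candidate_inputs(salt, pw).items():
                if hmac.compare_digest(hashlib.sha256(data).digest(), digest):
                    hits.append(f"{name} [{salt_label} salt, {enc}]")
    return hits

if __name__ == "__main__":
    # Record and password quoted from the thread above.
    record = "SHA-256:bmQ3OTY1ZWx5bDRm:PePXdPDUta5KoHTAPcccR3H3Gczik4UML76RjMt8+z4="
    print(matching_constructions(record, "Nokia1100") or "no candidate matched")
```

An empty result means none of the assumed constructions applies, which points to a different input layout or an additional transformation of the stored value.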