CA Directory: userPassword is inconsistent across copies of DSAs
Article ID: 102289
Products
CA Directory
Issue/Introduction
Why do I see a different hash value for the userPassword attribute of the same user across MW replicated DSAs?
Environment
Release: Component: ETRDIR
Resolution
What you are seeing is by design when a password gets hashed, due to the use of a salted algorithm.
In other words, apart from our obfuscation algorithm (-P CADIR, which uses a fixed key), our passwords use one-way hashing algorithms rather than encryption. Salted variants of these algorithms use a random salt to ensure the outcome of the hash is unique, which protects against precomputed hash attacks (like rainbow table attacks). This is why you see a different hash value for the same password, while the actual password value itself (when you think of it as a clear-text value) remains the same.