<br><br><div><span class="gmail_quote">On 1/16/06, <b class="gmail_sendername">Roman Medina-Heigl Hernandez</b> &lt;<a href="mailto:roman@rs-labs.com">roman@rs-labs.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br><br>I've been told that Solaris' NS_LDAP_BINDPASSWD could be decrypted. For<br>instance:<br><br> $ ldapclient -l<br> NS_LDAP_FILE_VERSION= 1.0<br> NS_LDAP_BINDDN=<br>cn=proxyagent,ou=profile,dc=blr03-01,dc=india,dc=sun,dc=com
<br> NS_LDAP_BINDPASSWD= {NS1}3d1a48xxxxxxxxx<br>...<br><br><br>The pass is {NS1}3d1a48xxxxxxxxx. Is it really possible to decode it and<br>get the plaintext password? I couldn't find any useful info about<br>decoding NS1 passwords.
</blockquote><div><br>Well, according to the FAQ (<a href="http://blogs.sun.com/roller/resources/raja/ldap-psd.html">http://blogs.sun.com/roller/resources/raja/ldap-psd.html</a>), it's just some simple encryption:<br><br>
"
5.6. What is NS1 format?? How is the NS1 format converted/used to <br>
authenticate against the userPassword in CRYPT format in the LDAP
server?<br>
<br>
The Native LDAP client library (libsldap) uses an internal and simple<br>
algorithm to encrypt (and tag) the proxyagent password so that it<br>
would not be stored in /var/ldap/ldap_client_cred in plaintext.<br>
<br>
The NS1 encrypted password will be decrypted by the libsldap library<br>
before authenticating the proxy agent to the LDAP server. From the<br>
server perspective, it receives and processes the plaintext password to<br>
match the crypt userPassword as usual."<br><br>The libsldap library obviously can decrypt this, so it should be easy to write a tool which will do this (once you know how encryption/decryption works). But, from the text above, it's pretty clear that this is not a one-way function.
<br><br>Cheers,<br><br>Bojan<br></div></div>
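<div>Since the FAQ quoted above says libsldap can reverse the {NS1} value, a host audit can treat it as plaintext-equivalent. The following is an added example, not part of the original thread or of Sun's code: it flags such a bind password and a credential file readable beyond its owner. The function names, the sample values and the assumption that the file uses the same NAME= value layout as the <code>ldapclient -l</code> listing are mine.</div>

```python
import os
import re
import stat

# Per the quoted FAQ, libsldap can reverse {NS1}; treat it as plaintext-equivalent.
# Assumption: the credential file uses the NAME= value layout of `ldapclient -l`.
REVERSIBLE_TAGS = {"NS1"}
ATTR_RE = re.compile(r"^\s*(NS_LDAP_[A-Z_]+)\s*=\s*(.*)$")
TAG_RE = re.compile(r"^\{([A-Za-z0-9]+)\}")

# Constructed sample in the layout of the listing above (placeholder values).
SAMPLE = """\
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_BINDDN=
cn=proxyagent,ou=profile,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}0000placeholder
"""

def parse_client_config(text):
    """Parse NAME= value lines; a line without NAME= continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            last = m.group(1)
            attrs[last] = m.group(2).strip()
        elif last and line.strip():
            attrs[last] += line.strip()
    return attrs

def audit(attrs, mode=None):
    findings = []
    pw = attrs.get("NS_LDAP_BINDPASSWD", "")
    tag = TAG_RE.match(pw)
    if pw and tag is None:
        findings.append("bind password stored in plaintext")
    elif tag and tag.group(1).upper() in REVERSIBLE_TAGS:
        findings.append("bind password uses reversible {%s} encoding; "
                        "protect the file as if it held plaintext" % tag.group(1))
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("credential file accessible beyond its owner "
                        "(mode %o)" % stat.S_IMODE(mode))
    return findings

def audit_file(path="/var/ldap/ldap_client_cred"):  # path named in the FAQ
    with open(path) as fh:
        return audit(parse_client_config(fh.read()), os.stat(path).st_mode)

if __name__ == "__main__":
    print(audit(parse_client_config(SAMPLE), 0o100644))
```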