We hash at the application side (java) before persisting it into the table. We use SSHA256. At high level below is the pseudo code of hashing.
========================= //Generate salt Generate 5 byte salt
//Add salt and password to message digest instance Get Message Digest instance messageDigest.update(salt); messageDigest.update(password.getBytes());
//hash the content byte[] hashedText = new byte[32+salt_length]; messageDigest.digest(hashedText, 0, 32);
// append the salt to the hashed text System.arraycopy(salt, 0, hashedText, len, saltLength);
Store above byte[] in base64 format in RDBMS
================================= -----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: Wednesday, November 4, 2020 9:32 PM To: Thangavel, Parameswaran; openldap-technical@openldap.org Subject: Re: Migration of Password Hash from RDBMs
[EXTERNAL EMAIL]
--On Wednesday, November 4, 2020 3:35 AM +0000 "Thangavel, Parameswaran" Parameswaran.Thangavel@rsa.com wrote:
Team,
I looking to replace RDBMS with openldap as datastore for one of the product. One blocker we have is handling the password migration.
The password is stored in hashed format in RDBMS. However, I am not able to get the password migrated.
What password hash is being used by the RDBMS?
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com