01-10-2018, 02:26 PM
They are from a DNS/DHCP appliance where the backup contains an XML based database file. Honestly I don't know if it's LDAP, because the appliance is locked and I can only access it's webinterface.
By reading the RFC on which it's based:
Example:
Given a user "joe" who's password is "mary" and a salt of "salt",
the authInfo field would be the base64 encoding of "salt" and the
authValue field would be the base64 encoding of the SHA1 digest of
"marysalt".
It means the start of the string is the base64 $salt, then comes the ($password:$salt), in base64, no?
Or in other words "$salt($password:$salt)" while ($password:$salt) is in sha1 and the whole string "$salt($password:$salt)" in base64. Assuming authInfo comes before authValue.
By reading the RFC on which it's based:
Example:
Given a user "joe" who's password is "mary" and a salt of "salt",
the authInfo field would be the base64 encoding of "salt" and the
authValue field would be the base64 encoding of the SHA1 digest of
"marysalt".
It means the start of the string is the base64 $salt, then comes the ($password:$salt), in base64, no?
Or in other words "$salt($password:$salt)" while ($password:$salt) is in sha1 and the whole string "$salt($password:$salt)" in base64. Assuming authInfo comes before authValue.