6

I'm trying to import passwords from an LDAP to a MySQL database. When I look at the userPassword attribute for the known password test I get this:

userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=

The password at this stage is base64 encoded; after decoding I get this:

{MD5}CY9rzUYh03PK3k6DJie09g==

- It doesn't look like the CY9.... string is an MD5 hash because it isn't 32 characters long (actually 128-bit).
- It doesn't seem to be base64 encoded either, as I don't get test after decoding.
- Also, when I generate my own MD5 hash out of test I get 098f6bcd4621d373cade4e832627b4f6.

I found this Perl script (second one on the page) which does generate {MD5}CY9rzUYh03PK3k6DJie09g== from test, but when I look at the script I don't see what I'm missing, as it does look like the MD5 hash gets base64 encoded before being concatenated with {MD5}:

use Digest::MD5;
use MIME::Base64;
# Build the {MD5} userPassword value for the string 'secret'
$ctx = Digest::MD5->new;
$ctx->add('secret');
$hashedPasswd = '{MD5}' . encode_base64($ctx->digest,'');

Can someone explain the step to get from test to CY9rzUYh03PK3k6DJie09g==?

Max

1 Answer

4

Have you checked the second parameter of the PHP md5() function?

cat md5.php 
<?php echo base64_encode(md5('test',true));

php md5.php 
CY9rzUYh03PK3k6DJie09g==

You should use the raw binary format (and that's why it was encoded with base64).

Giovanni Toraldo
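
The full decoding chain from the question's LDIF line to the familiar hex digest, written as an added example that is not part of the original question or answer. The function names are hypothetical; the sample value is the one quoted in the question, and only the unsalted {MD5} scheme is handled.

```python
import base64
import binascii
import hashlib
import hmac

# Value from the question's LDIF line ("::" marks a base64-encoded value).
LDIF_VALUE = "e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0="


def parse_userpassword(ldif_b64):
    """Decode an LDIF '::' value and split '{SCHEME}payload' into its parts."""
    stored = base64.b64decode(ldif_b64, validate=True).decode("ascii")
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix (cleartext or unknown format)")
    scheme, payload = stored[1:].split("}", 1)
    return scheme.upper(), payload


def md5_digest_from_ldap(ldif_b64):
    """Return the raw 16-byte MD5 digest stored in a {MD5} userPassword value."""
    scheme, payload = parse_userpassword(ldif_b64)
    if scheme != "MD5":
        # Salted schemes such as {SMD5} or {SSHA} append a salt to the digest
        # and cannot be converted this way.
        raise ValueError("unsupported scheme: " + scheme)
    try:
        digest = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(digest) != 16:
        raise ValueError("MD5 digest must be 16 bytes, got %d" % len(digest))
    return digest


def to_hex(ldif_b64):
    """Hex form of the stored digest, the 32-character form the asker expected."""
    return md5_digest_from_ldap(ldif_b64).hex()


def verify(password, ldif_b64):
    """Compare a candidate password with the stored digest in constant time."""
    candidate = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, md5_digest_from_ldap(ldif_b64))


if __name__ == "__main__":
    print(to_hex(LDIF_VALUE))
    print(verify("test", LDIF_VALUE))
```

The hex string returned by `to_hex` is the same 128-bit value as the base64 payload, so either form can be stored as long as the verifying side decodes it the same way.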