Leo Soto M. wrote:
On Tue, Jan 27, 2009 at 5:25 PM, Leo Soto M. <leo.s...@gmail.com> wrote:

[...]

By poking at the ODS code, it looks like the correct function is:

 password_hash = SHA1(concat(user_name, pwd_magic_calc(username, password, 1)))

But then, what is the definition of pwd_magic_calc? (assuming that the
function shown above is correct).

Experimenting on my local Virtuoso, I've found that for all inputs I
provided the following holds true:

  pwd_magic_calc(username, password, 1) == password

Is that something we can rely on to be invariant?

Leo,

The second argument should be the encrypted version of the password, hence as a further example you can do the following:

select u_name, pwd_magic_calc(u_name, u_password) from sys_users;

which decodes the passwords stored in the sys_users table. This you could combine with your example above to test whether someone has supplied the correct password.

Rob.

--
Tim Haynes
Product Development Consultant
OpenLink Software
<http://www.openlinksw.com/>



