| Subject | Re: Password hashes used in Firebird 1.5 |
|---|---|
| Author | pantilamon |
| Post date | 2010-09-23T10:10:01Z |
--- In firebird-support@yahoogroups.com, "pantilamon" <matt@...> wrote:
I understand in firebird 2 the password hash is SHA-1 of a random salt, the username and then the password. Where is this random salt stored?
>Since writing this I have noticed that if you simply copy the security2.fdb database and rename it to something else then it can be opened up and you can view the password hashes.
>
>
> --- In firebird-support@yahoogroups.com, "gymkus" <schneider@> wrote:
> >
> > Hello,
> >
> > I try to understand the technic how user passwords are transfered from a client login to a firebird 1.5 database server.
> >
> > When I listen my network traffic (e.g. with wireshark) I see that after the username a password hash follows. This password hash consists of 11 charakters.
> > A standard DES-Hash consists of 13 charakters.
> > These 13 charakters are a combination of 2 charakters from the "salt" and 11 charakters from the enncrypted password.
> >
> > So maybe on firbird 1.5 the "salt" is missing ???
> > Does Firebird 1.5 use a standard encryption algorithm?
> >
> > Is it DES with some modifications? Where can I find the "salt"?
> >
> > Thanx for your help.
> > Marco
> >
> I'm trying to do a similar thing with firebird 2.0 and have again used wireshark to snoop for the password. I am very interested in how the password can be decrypted.
>
I understand in firebird 2 the password hash is SHA-1 of a random salt, the username and then the password. Where is this random salt stored?