Article

mbluteau's picture
article
Reads:

3458

Score:
5
5
1
 
Comments:

0

Generating MD5 hashed passwords using ECMAScript

Author Info

20 April 2011 - 9:40am
Submitted by: mbluteau

Author Blog
Author Profile

Tags

Tags Map

(View Disclaimer)

While MD5 may not be the most effective way to secure data, it is used by some database applications and other systems. For more info on MD5, you can check: http://en.wikipedia.org/wiki/MD5

Once in a while, when configuring password sync/reset support for applications and systems for a given project, we stumble on MD5 hashed values.

Click to view.

Figure 1: Example Database Application that stores user credentials in MD5.

ECMAScript(aka Javascript) can be used both in workflows(Form Editor) and with IdM drivers through Policy Builder and be called as a function to operate a transformation on a password or attribute value to turn it into a MD5 hash. Using Google, I was able to spot a few examples quickly.

Click to view.

Figure 2: Creating a ECMAScript object in the library.

Click to view.

Figure 3: Referencing the ECMAScript object from driver config.

Click to view.

Figure 4: Using Policy Builder to transform/reformat password or attribute value.

DirXML Script example:

			<do-reformat-op-attr name="LMSPassword">
				<arg-value type="string">
					<token-xpath expression="es:calcMD5(string($MD5Pwd))"/>
				</arg-value>
			</do-reformat-op-attr>

I am storing the value to be hashed in a local variable called MD5Pwd in the action before the action that actually hashes the value, using $MD5Pwd as the argument for my calcMD5 function.

MD5 hash is not reversible(in theory) so we can use this example to provide support for password reset, and password check, but not to obtain the original value(before hash) on the Publisher channel for password sync.

You can download my ECMAScript object below.

AttachmentSize
generate_md5_value.zip2.02 KB

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



Related Articles


User Comments

© 2013 Novell