[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Should UsernameToken Password Equivalent be Base64 Encoded afterHashing?
Hello, When using WSS UsernameToken Profile 1.1 with passwords of type PasswordDigest using the nonce and creation timestamp, how should the password equivalent be computed? There seems to be two candidate methods: 1. Password_Digest = Base64 ( SHA-1 ( nonce + created + SHA-1 ( password ) ) ) 2. Password_Digest = Base64 ( SHA-1 ( nonce + created + Base64 ( SHA-1 ( password ) ) ) ) Which one should be used? Or is there a third method? Thanks, Patrick
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]