
wss-dev message



Subject: Should UsernameToken Password Equivalent be Base64 Encoded after Hashing?


Hello,

When using WSS UsernameToken Profile 1.1 with passwords of type PasswordDigest using the nonce 
and creation timestamp, how should the password equivalent be computed?

There seem to be two candidate methods:

1. Password_Digest = Base64 ( SHA-1 ( nonce + created + SHA-1 ( password ) ) )

2. Password_Digest = Base64 ( SHA-1 ( nonce + created + Base64 ( SHA-1 ( password ) ) ) )

Which one should be used?  Or is there a third method?

Thanks,
Patrick
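
The two candidate methods from the message above, as an added example (not part of the original post or of the OASIS specification): it computes both for the same inputs, shows that they yield different digests, and lets a verifier identify which one a peer used. It assumes the nonce is concatenated as decoded bytes and the created timestamp as UTF-8 text; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def _sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def digest_raw_equivalent(nonce: bytes, created: str, password: str) -> str:
    """Candidate 1: the inner SHA-1 output is concatenated as 20 raw bytes."""
    equivalent = _sha1(password.encode("utf-8"))
    outer = _sha1(nonce + created.encode("utf-8") + equivalent)
    return base64.b64encode(outer).decode("ascii")


def digest_b64_equivalent(nonce: bytes, created: str, password: str) -> str:
    """Candidate 2: the inner SHA-1 output is Base64 text (28 ASCII bytes)."""
    equivalent = base64.b64encode(_sha1(password.encode("utf-8")))
    outer = _sha1(nonce + created.encode("utf-8") + equivalent)
    return base64.b64encode(outer).decode("ascii")


def identify_method(received: str, nonce: bytes, created: str, password: str):
    """Return 1 or 2 for the candidate that reproduces `received`, else None."""
    candidates = {1: digest_raw_equivalent, 2: digest_b64_equivalent}
    for number, compute in candidates.items():
        expected = compute(nonce, created, password)
        # Constant-time comparison, as for any authenticator check.
        if hmac.compare_digest(expected, received):
            return number
    return None


# Constructed sample inputs (not taken from any real exchange).
SAMPLE_NONCE = bytes(range(16))
SAMPLE_CREATED = "2010-01-01T00:00:00Z"
SAMPLE_PASSWORD = "example-password"

if __name__ == "__main__":
    d1 = digest_raw_equivalent(SAMPLE_NONCE, SAMPLE_CREATED, SAMPLE_PASSWORD)
    d2 = digest_b64_equivalent(SAMPLE_NONCE, SAMPLE_CREATED, SAMPLE_PASSWORD)
    print("candidate 1:", d1)
    print("candidate 2:", d2)
    print("interoperable:", d1 == d2)
```

Because the two results never match for the same inputs, a sender and receiver that pick different candidates will reject each other's tokens even when the password is correct.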

