OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Comments on WSS 1.1 Username Token Profile

In http://www.oasis-open.org/committees/download.php/13394/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf
 
line 378 says "The password and Salt are concatenated in that order."
 
line 383 says "K1 = SHA1( password + Salt)"
 
It is not clear on either of these lines whether "Salt" is
a) the 16-byte string of the raw 128-bit salt value or
b) the N-byte string of the encoded 128-bit salt value specified in the XML:
  1) the 32-byte string of the hex-encoded 128-bit salt value or
  2) the 24-byte string of the base64-encoded 128-bit salt value.
 
Note that the distinction between a and b is orthagonal to issue 417.
 
&Thomas.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]