[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Comments on WSS 1.1 Username Token Profile
In http://www.oasis-open.org/committees/download.php/13394/wss-v1.1-spec-pr-UsernameTokenProfile-01.pdf line 378 says "The password and Salt are concatenated in that order." line 383 says "K1 = SHA1( password + Salt)" It is not clear on either of these lines whether "Salt" is a) the 16-byte string of the raw 128-bit salt value or b) the N-byte string of the encoded 128-bit salt value specified in the XML: 1) the 32-byte string of the hex-encoded 128-bit salt value or 2) the 24-byte string of the base64-encoded 128-bit salt value. Note that the distinction between a and b is orthagonal to issue 417. &Thomas.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]