[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss-dev] Should UsernameToken Password Equivalent be Base64Encoded after Hashing?
The first one. We don't hash base 64. Hal > -----Original Message----- > From: Patrick Ryan [mailto:oasis@pryan.org] > Sent: Thursday, June 17, 2010 7:52 PM > To: wss-dev@lists.oasis-open.org > Subject: [wss-dev] Should UsernameToken Password Equivalent be Base64 > Encoded after Hashing? > > > Hello, > > When using WSS UsernameToken Profile 1.1 with passwords of > type PasswordDigest using the nonce > and creation timestamp, how should the password equivalent be > computed? > > There seems to be two candidate methods: > > 1. Password_Digest = Base64 ( SHA-1 ( nonce + created + SHA-1 > ( password ) ) ) > > 2. Password_Digest = Base64 ( SHA-1 ( nonce + created + > Base64 ( SHA-1 ( password ) ) ) ) > > Which one should be used? Or is there a third method? > > Thanks, > Patrick > > --------------------------------------------------------------------- > To unsubscribe, e-mail: wss-dev-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: wss-dev-help@lists.oasis-open.org > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]