[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
At 11:20 AM 7/14/00 -0400, Rich Salz wrote:
>"It is recommended that the value of (SHA-1 hashes) be protected as if
>they were plaintext. (Sec 5.2)"
>
>Why?
Because if a flaw is found in the SHA-1 algorithm, your
directory would be vulnerable to attack if you exposed
SHA-1 values. The use of SHA-1 (or other algorithms)
offers an additional layer of protection such that if
one layer fails (access controls upon the values), other
layers will offer some protection against immediate
access to the directory. Reliance upon a single layer
of security is unwise.
I will add some text to the next revision discussing
this security consideration.
Kurt