[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
From: Rich Salz <rsalz@caveosystems.com>
Date: Fri, 14 Jul 2000 13:08:57 -0400
Cc: ietf-ldapext@netscape.com
References: <200007131027.GAA11142@ietf.org> <4.3.2.7.0.20000714084856.00b3f9f0@infidel.boolean.net>

> Because if a flaw is found in the SHA-1 algorithm, your
> directory would be vulnerable to attack if you exposed
> SHA-1 values.

If a flaw is found in SHA-1 then the entire public-key world will fall
apart.

I fail to see the point of hashing something if the hash is perceived no
more secure than the plaintext.  The recommendation should be dropped.
	/r$

Follow-Ups:
- Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: Internet-Drafts@ietf.org
- Re: I-D ACTION:draft-zeilenga-ldap-authpasswd-03.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: LDAP subentry schema request for last call
Next by Date: Re: I-D ACTION:draft-ietf-ldapext-refer-00.txt
Index(es):
- Chronological
- Thread