[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Modern Password Hashes in Openldap?



Quanah Gibson-Mount wrote:
> --On Monday, April 29, 2013 3:28 PM -0700 Chris Hiestand <chiestand@salk.edu>
> wrote:
> 
>> Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or
>> the like with key stretching. Since Openldap does not support relatively
>> strong hashes, do you guys use SASL to store stronger hashes? If so, what
>> kind of backend are you using to store hashes?
> 
> I would suggest you look at the contrib password module, which supports a
> number of schemes.

To be more precise:
One could use the sources in contrib/slapd-modules/passwd/ as a template for
implementing PBKDF2, Bcrypt, etc. schemes. There are no such implementations yet.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature