
Re: sha2 module and 2.4.39, iterations question



>>> bitsofinfo <bitsofinfo.g@gmail.com> wrote on 04.09.2014 at 20:20 in message
<5408AD51.9060209@gmail.com>:
> Hi -
> openldap version = 2.4.39
> 
> With:
> moduleload      pw-sha2.la
> 
> I have an application that generates SHA256 b64 encoded hashes w/ a
> 4byte (16bit) salt and stores them in userPassword and binds work fine
> 
> When I add this to slapd.conf:
> 
> password-crypt-salt-format $5$rounds=1000$%.16s

Isn't that passed to crypt(3) of glibc? If so, the format seems to be
$id$salt$encrypted
And the length of the salt seems to be fixed (86 characters!)

Regards,
Ulrich

> 
> And change my application to add 1000 iterations when it writes to
> userPassword, then binds fail
> 
> pw in userPassword is generated in this format:
> {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
> 
> Is "password-crypt-salt-format" the correct place to specify we want to
> use iterations on our hashes? Is this configurable?
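
As an added example (not part of the original messages and not OpenLDAP's own code): a Python parser and single-pass verifier for the `{SSHA256}` layout described in the quoted post, showing that a stored value whose digest was iterated 1000 times does not match a one-pass check. The function names and the iteration method (re-hashing the digest) are assumptions; the post does not say how the application iterates.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = 32  # SHA-256 output size in bytes
SCHEME = "{SSHA256}"


def make_ssha256(password: bytes, salt: bytes, iterations: int = 1) -> str:
    """Build {SSHA256}b64(digest + salt).

    iterations > 1 re-hashes the digest; this is an assumed scheme,
    the post does not specify how the application iterates.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def split_ssha256(value: str):
    """Return (digest, salt) parsed from a {SSHA256} userPassword value."""
    if not value.startswith(SCHEME):
        raise ValueError("not an {SSHA256} value")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt bytes after the digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_single_pass(value: str, password: bytes) -> bool:
    """One SHA-256 pass over password + salt, compared in constant time."""
    digest, salt = split_ssha256(value)
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample input: password and random 4-byte salt.
    pw, salt = b"constructed-password", os.urandom(4)
    for n in (1, 1000):
        stored = make_ssha256(pw, salt, n)
        print(n, stored, verify_single_pass(stored, pw))
```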