
Re: sha2 module and 2.4.39, iterations question



>>> Ulrich Windl wrote on 05.09.2014 at 08:13 in message <5409549A.353 : 161 : 60728>:
>>>> bitsofinfo <bitsofinfo.g@gmail.com> wrote on 04.09.2014 at 20:20 in message
> <5408AD51.9060209@gmail.com>:
> > Hi -
> > openldap version = 2.4.39
> > 
> > With:
> > moduleload      pw-sha2.la
> > 
> > I have an application that generates SHA256 b64 encoded hashes w/ a
> > 4byte (16bit) salt and stores them in userPassword and binds work fine
> > 
> > When I add this to slapd.conf:
> > 
> > password-crypt-salt-format $5$rounds=1000$%.16s
> 
> Isn't that passed to crypt(3) of glibc? If so, the format seems to be
> $id$salt$encrypted
> And the length of the salt seems to be fixed (86 characters!)

Sorry: The salt is up to 16 characters; the _overall size_ is 86 characters.

> 
> Regards,
> Ulrich
> 
> > 
> > And change my application to add 1000 iterations when it writes to
> > userPassword, then binds fail
> > 
> > pw in userPassword is generated in this format:
> > {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
> > 
> > Is "password-crypt-salt-format" the correct place to specify we want to
> > use iterations on our hashes? Is this configurable?
> 
> 
>
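
Added example, not part of the original thread and not OpenLDAP's code: it builds the `{SSHA256}` layout quoted in the question (base64 of digest followed by salt) and shows that a value produced with 1000 iterations does not verify against a check that does one SHA-256 pass over password plus salt. The single-pass verifier and the way the rounds are chained are assumptions; the post does not say how the application iterates.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_ssha256(password: bytes, salt: bytes, iterations: int = 1) -> str:
    """Build {SSHA256}b64(digest + salt), the layout given in the post.

    Assumption: for iterations > 1 each round re-hashes digest + salt;
    the post does not describe the application's iteration scheme.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha256(stored: str) -> tuple[bytes, bytes]:
    """Return (digest, salt) recovered from a stored {SSHA256} value."""
    scheme, _, b64 = stored.partition("}")
    if scheme.upper() != "{SSHA256":
        raise ValueError("not an {SSHA256} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the digest")
    # Everything after the fixed-size digest is the salt.
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def check_single_pass(stored: str, password: bytes) -> bool:
    """Verify with exactly one SHA-256 pass over password + salt (assumed verifier)."""
    digest, salt = split_ssha256(stored)
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    salt = os.urandom(4)                 # 4-byte salt, as in the post
    pw = b"constructed-sample-password"  # constructed sample input
    plain = make_ssha256(pw, salt)
    iterated = make_ssha256(pw, salt, iterations=1000)
    print(plain, check_single_pass(plain, pw))
    print(iterated, check_single_pass(iterated, pw))
```

The stored value carries the salt but no iteration count, so a verifier has no way to learn from the value alone that extra rounds were applied.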