Antw: sha2 module and 2.4.39, iterations question
>>> Ulrich Windl wrote on 05.09.2014 at 08:13 in message <5409549A.353 : 161 : 60728>:
>>>> bitsofinfo <bitsofinfo.g@gmail.com> wrote on 04.09.2014 at 20:20 in message
> <5408AD51.9060209@gmail.com>:
> > Hi -
> > openldap version = 2.4.39
> >
> > With:
> > moduleload pw-sha2.la
> >
> > I have an application that generates SHA256 b64 encoded hashes w/ a
> > 4byte (16bit) salt and stores them in userPassword and binds work fine
> >
> > When I add this to slapd.conf:
> >
> > password-crypt-salt-format $5$rounds=1000$%.16s
>
> Isn't that passed to crypt(3) of glibc? If so, the format seems to be
> $id$salt$encrypted
> And the length of the salt seems to be fixed (86 characters!)
Sorry: The salt is up to 16 characters; the _overall size_ is 86 characters.
>
> Regards,
> Ulrich
>
> >
> > And change my application to add 1000 iterations when it writes to
> > userPassword, then binds fail
> >
> > pw in userPassword is generated in this format:
> > {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
> >
> > Is "password-crypt-salt-format" the correct place to specify we want to
> > use iterations on our hashes? Is this configurable?
>
>
>
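Added example, not part of the original thread and not OpenLDAP's own code: a Python sketch of the stored layout described in the question, `{SSHA256}` followed by base64(SHA-256(pw + salt) + salt), checked by a verifier that hashes exactly once. Assumptions: the server-side check is single-pass like `verify_single_pass` here, and the iteration chaining in `make_ssha256` is a hypothetical application-side construction; under those assumptions an iterated value cannot match at bind time.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_ssha256(password: bytes, salt: bytes, iterations: int = 1) -> str:
    """Build {SSHA256}base64(digest + salt).

    iterations > 1 re-hashes digest + salt; this chaining is a hypothetical
    application-side construction, not something the thread defines.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha256(stored: str):
    """Split a stored value into (digest, salt); the salt is whatever follows 32 bytes."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA256} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_single_pass(stored: str, password: bytes) -> bool:
    """Recompute one SHA-256 over password + salt and compare in constant time."""
    digest, salt = parse_ssha256(stored)
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    salt = os.urandom(4)          # 4-byte salt, as in the question
    pw = b"example-password"      # constructed sample value
    print(verify_single_pass(make_ssha256(pw, salt), pw))        # single pass
    print(verify_single_pass(make_ssha256(pw, salt, 1000), pw))  # iterated
```

The stored value carries no iteration count, so a verifier has no way to learn that the writer hashed more than once.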