
Re: Openldap support SHA-256 or SHA-3.



Quanah Gibson-Mount wrote:
> 
> 
> --On Tuesday, January 7, 2020 10:44 AM -0800 rammohan ganapavarapu <rammohanganap@gmail.com> wrote:
> 
>>
>> Does OpenLDAP support SHA-256 or SHA-3 schemes to address the below
>> issues?
> 
> There is a module in contrib that is included with most vendor builds that allows up to SSHA512.  I've long suggested using it.  The default of SSHA1 is
> mandated by RFC (which IMHO needs updating at this point).

Just to note, both SHA2 and SHA3 are designed to be cheap to compute and easy to implement
in hardware. Neither of these are desirable properties for a password hash. At this point
we should only be talking about Argon2, which won the password hashing competition.

https://github.com/P-H-C/phc-winner-argon2

As always - patches welcome.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
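
Added example, not part of the original message and not OpenLDAP code: a Python sketch that builds and verifies a `{SSHA512}` value using the salted-digest layout of `{SSHA}`-style schemes (base64 of digest followed by salt), then measures how its per-hash cost compares with a memory-hard function. Assumptions: the 8-byte salt and all function names are chosen for this example, the password is a constructed sample, and standard-library scrypt stands in for Argon2 because Argon2 is not in Python's standard library.

```python
import base64
import hashlib
import hmac
import os
import time

SALT_LEN = 8  # assumption: salt length chosen for this example


def ssha512_hash(password, salt=None):
    """Return '{SSHA512}' + base64(SHA512(password + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha512(password + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def ssha512_verify(password, stored):
    """Recompute the salted digest and compare in constant time."""
    if not stored.startswith("{SSHA512}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:64], raw[64:]  # SHA-512 digest is 64 bytes
    return hmac.compare_digest(hashlib.sha512(password + salt).digest(), digest)


def scrypt_hash(password, salt):
    """Memory-hard stand-in for Argon2: about 16 MiB per call (128 * n * r)."""
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def seconds_per_hash(fn, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many SSHA512 computations fit in the time of one scrypt call."""
    pw, salt = b"constructed-sample-password", b"8bytesal"
    fast = seconds_per_hash(lambda: ssha512_hash(pw, salt), 20000)
    slow = seconds_per_hash(lambda: scrypt_hash(pw, salt), 3)
    return slow / fast


if __name__ == "__main__":
    print(f"one scrypt call costs about {cost_ratio():,.0f} SSHA512 computations")
```

The ratio is measured on a general-purpose CPU; it does not capture the additional advantage dedicated hardware has on SHA-2, which is the property the message singles out.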