[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap support SHA-256 or SHA-3.

To: openldap-technical@openldap.org
Subject: Re: Openldap support SHA-256 or SHA-3.
From: Simone Piccardi <piccardi@truelite.it>
Date: Wed, 8 Jan 2020 10:27:34 +0100
Autocrypt: addr=piccardi@truelite.it; prefer-encrypt=mutual; keydata= xsDiBDmYEScRBACYzLhKEFTLhKcGSCqbYsSMxqDiJdXyziqVnYaExmINuSx0dYm6KMYmWya+ 2hVszYAQ1JxJHJbAENe4SoXlUIqY5msG+Qz8sGOBFX8H+Ih8Bq9KnF2bcXrO88qyxlEedgKj 8liwUusE+NNqvojWLMRQVubfYLSGYxlXn3XJQoBphwCg7u5LuWM4gh8fl3XDWwkZfwl7GlsD /RpphFXODqTTDg7nVEdP1NiPtiS9mKw6HzYsBHhM/IEt4GVmTXe2ee27smAGCUkdB3lf/xGT xwkwe4yL8xH8QkiKEmvZNftdzVDALYfeIXt/GI4rAvItuWjq5f8RHUD71iisz+ZDwgMmASmO 7Hpr0p++R9RTdsF7GwHP3TJ3WDZ9A/9FD9y/4VniMHzsT0yAIeFKUhc5M1UZz7CLg3BvLYEX tzqLen5GxTvB2QIG7eswzWW36dNZXdHeaci7dGjRt7jS02luPXd945T+bjAg03QdxBpwrz/p 61MkqwV0GItHIuySxAQ09d+zyozzeSBOrxrWMacVeVuzKh/3F9xO3aOCSc01U2ltb25lIFBp Y2NhcmRpIChUcnVlbGl0ZSBTckwpIDxwaWNjYXJkaUB0cnVlbGl0ZS5pdD7CXAQTEQIAHAUC PpG1/AIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQwS3IBiqXL50oJQCfT4Z0Gq361It4+YMF JrXzeGI3skYAnR0o5oDhpGaV24cdMXY9hbmnD2LpzsNNBDmYE/wQEADnXFJfn8G4k9e7sxKO +wZBowHOB9MD8z4sNxH7udXD6XoabA8EGT4mnzxAczpr9Dy2IP+Dq8KsSxhYHFrap2NIxxE+ kVONo7dThzfuEoJseeHQ+VDtfB4c6mM63CiUMUmZJjQwCxNiZ56QIGEcpe6tNWfmM/KJjg7W /pqMp9lFt9X91IuBODsNHZJ/75+q+us8Lj9RrI2jsVbO1c53yZKyC1FTAOJppWzBKtJHJjSf auL62l9MRFU6BNSaPqEzfhvosKt+ark2mu+GyapB554UoIiHNlmE+6jB9U4jYHKtRjKHs2BK MzSBaILvJU4c/UmpEOww0Ejgrd7dgsZ5W9xx5hVPmjTlkoEXef3K5E4rmfaWmoiI4Asq1llG SqANPycv0IZxacfwg/1251jtEHO9LVIaYtPMshW6tENKryFD+fwbHbmoOPLQTSI0NUt0gVPA +lTQNdEhArbRwaj9W3VCiNl+pznAeLzXRUiF9COBYoMjpFL6XA2mLIAYcW/ZthgjPJ04LlZt JAWKNAiVLQyK9xpKUP6pu8Z3MmAT9eB3zQ0pYiDUqwdBIerzCPyPM9kYCmZsqj3wvoGwOtd5 tbEIwJPs2sc1VIXKIksv7g17eILScKzDqMkD1oLTy7L7fTzQu1cOkmXaHVCMDy3rQQyPL2qA BZ1BR5x52NP9DlEPiwADBg/+IVg9pWFufgAdlxiu3mXq6BantGyOKXVwdo6sw3QlJpzY9qqN GcstvXNXv9l6JIKlmAZxTSmOknyDsygNDWGnlqF6AYVtsmMn/rK0VRMpRfLIQtPYR5XGiYUI 8JyJdKsEz5xt19vi+X7h4JnbJ+wcPKiXPOhNtsZzz3fWACbttQdzg76jGEqU7Ukof4ysE1ey HT30q8fjw+Db8w0RamyqYeWXgMkp5ptNhyqaX+5UwjuCHvt3NvqItwUhEv44Ywvp9RkRsXh/ VKQVqzanWofkMLJPZXFfrcJjVjnapNQa5Qe7trcaKjBx+00bM1cVB7Bpa7zu9lIUaQKgfTcp mdYfXPoId8amguyeIEc4BTZinQyQW1q45pBUN7oy2O+89wpIgopAndsEmB8Y87V+CtlycgSy rB7oGpSnwgpuDi05a5WEFJ+jtmpRIR+eGipGzQPzMg09haNAWsvl5OwojEAxy2/6xHPOIkBL 4l7havfQk7wdpMG0hFUPWeSUMJGMS0XOtsb57Lng6cErsd6TpP0/lYkfaZKmPqmAW1TonT1h CdYhOBC9bwp7AIaHCv/r6Gf+uEr1wGdprUY7BUcNt3gNepLvRsNhb4h2s7hGZDH8PO535Hk+ GOp3XNRfW3BNnGF1dcQtWVfPN26oUUGkOgOnD6Mh9E4yqiZt2NgFubtRs0HCTgQYEQIABgUC OZgT/AASCRDBLcgGKpcvnQdlR1BHAAEBWxcAn19AtWZ5OHMRIkgr5ooeNtrt/UMbAJwPKTws JbkqBtgHRnsMNNmlBIdK6w==
Content-language: en-US
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=truelite.it; s=mail; t=1578475656; bh=g9pCWnWFLtY6xiwTkYkPjdFBIJV3FP/keEOtYYUym2o=; h=Subject:To:References:From:Date:In-Reply-To:From; b=xrt9JE4p6po/12FVPjBydTR2dUFez/yUDpKCEbVwqVvsuu/K3kIbdY2PXcbN3l65x +hG1md5DXgclkWOuVEL0v248EK4ka+B6WeJNqG8GKabY3nv7ZD74R5JzwufbI8e0TW Hy/YwV/vIFGsx3DCSTQiZRF78ehJJ8iZC0U55l+hxDdNGVvPO32RRbFewv9hVVRZIi b0NNyNUYKP140MVPgbUhiCaeeVfTJ8usCNuz6xxZWuO1BAYS3EXRQpWbAM834zvQkF CkjVZ4kLr5zqqH7FNm09KL6inVIEepJtlO9S6x81gFJfAYux3zYfj43OqtB/4frknF TvKqm1uV4peRg==
In-reply-to: <CA17B510ABD069A7884B759C@[192.168.1.144]>
References: <CALm_Vjh4vgOBu8kZrJzRheAyqbZVL0OoE-nRAvc1z+nb-Eow9Q@mail.gmail.com> <67753E9A5A2A2945F035E0CC@192.168.1.144> <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com> <1C6038D9E08BE216B90B3FF4@[192.168.1.144]> <7209ad32-c522-bc3e-e863-a5ff72c18e8b@stroeder.com> <7180359711BF1270F919BD53@[192.168.1.144]> <930e4cf3-240f-155e-1cbc-c74f68b9ba3e@stroeder.com> <CA17B510ABD069A7884B759C@[192.168.1.144]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1

Il 08/01/20 03:05, Quanah Gibson-Mount ha scritto:
> 
> In any case, I've been advocating for several years now to get rid of
> SSHA as the default hashing mechanism and replace it with something that
> may actually have some security value.

But in the current version it better to use the contrib module, or
delegate the hashing to the C library? I'm currently using on new install:

password-hash {CRYPT}
password-crypt-salt-format "$6$%.16s"

but I'm using only Linux, I don't know if this is applicable on other OS.

Simone

Follow-Ups:
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>

References:
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Openldap support SHA-256 or SHA-3.
Next by Date: Re : Re: Openldap support SHA-256 or SHA-3.
Index(es):
- Chronological
- Thread