
Re: Openldap support SHA-256 or SHA-3.





--On Wednesday, January 8, 2020 10:27 AM +0100 Simone Piccardi <piccardi@truelite.it> wrote:

On 08/01/20 03:05, Quanah Gibson-Mount wrote:

In any case, I've been advocating for several years now to get rid of
SSHA as the default hashing mechanism and replace it with something that
may actually have some security value.

But in the current version is it better to use the contrib module, or
delegate the hashing to the C library? I'm currently using on new installs:

password-hash {CRYPT}
password-crypt-salt-format "$6$%.16s"

but I'm using only Linux, I don't know if this is applicable on other OSes.

The use of CRYPT may be non-portable. In addition to the SSHA2 password module, there's a module on github that allows the use of bcrypt:

<https://github.com/wclarie/openldap-bcrypt/>

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
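
Added example, not part of the original thread or of OpenLDAP: a small Python audit that classifies `userPassword` values by scheme, showing what an `{SSHA}` value contains and what a `{CRYPT}` value produced with the `"$6$%.16s"` salt format looks like. The sample values are constructed, and the `weak`/`ok`/`review` verdict labels are this example's own assumptions.

```python
import base64
import hashlib
import re

# crypt(3) method ids as used by glibc; other C libraries may not support
# them, which is the portability concern raised in the thread.
CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def classify(value: str) -> tuple:
    """Return (scheme, detail, verdict) for one userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value)
    if not m:
        return ("cleartext", "no scheme prefix", "weak")
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "SSHA":
        raw = base64.b64decode(body)  # 20-byte SHA-1 digest, then the salt
        return (scheme, f"one SHA-1 pass, {len(raw) - 20}-byte salt", "weak")
    if scheme == "CRYPT":
        c = re.match(r"\$([0-9a-z]+)\$(?:rounds=(\d+)\$)?([^$]*)\$", body)
        if not c:
            return (scheme, "no $id$ prefix (traditional DES-style)", "weak")
        if c.group(1) not in CRYPT_IDS:
            return (scheme, "crypt id " + c.group(1), "review")
        rounds = c.group(2) or "default"
        verdict = "ok" if c.group(1) in ("5", "6") else "review"
        detail = f"{CRYPT_IDS[c.group(1)]}, rounds={rounds}, {len(c.group(3))}-char salt"
        return (scheme, detail, verdict)
    return (scheme, "not evaluated here", "review")


# Constructed sample values (not real credentials or real hashes).
SAMPLES = [
    make_ssha(b"example-password", b"\x01\x02\x03\x04"),
    "{CRYPT}$6$abcdefghijklmnop$" + "x" * 86,  # shape of "$6$%.16s" output
    "{CRYPT}ab" + "y" * 11,
    "plain-value",
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(classify(v), v[:32])
```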