Antw: Re: Openldap support SHA-256 or SHA-3.
>>> Quanah Gibson-Mount <quanah@symas.com> wrote on 08.01.2020 at 03:05 in
message <CA17B510ABD069A7884B759C@[192.168.1.144]>:
>
> --On Tuesday, January 7, 2020 11:25 PM +0100 Michael Ströder
> <michael@stroeder.com> wrote:
>
>> AFAICS RFC 3112 was never implemented in OpenLDAP. Thus I'd consider
>> this to be rather irrelevant here.
>
> Incorrect, it's clearly implemented in slapd. Whether it's enabled is a
> different question, as it's IFDEF'd behind SLAPD_AUTHPASSWD. ;)
>
> In any case, I've been advocating for several years now to get rid of SSHA
> as the default hashing mechanism and replace it with something that may
> actually have some security value.
Is a "well-salted" SHA-1 really worse than a "poorly-salted" SHA-256? Isn't
it all about the number of bits that have to be checked (brute-force)?
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>