[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Openldap support SHA-256 or SHA-3.



>>> Quanah Gibson-Mount <quanah@symas.com> schrieb am 13.01.2020 um 17:14 in
Nachricht <071D2235949B1A9339670C6A@[192.168.1.144]>:

> 
> ‑‑On Monday, January 13, 2020 12:07 PM +0100 Ulrich Windl 
> <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
> 
>>>>> Giuseppe De Marco <giuseppe.demarco@unical.it> schrieb am 07.01.2020 um
>> 23:53
>> in Nachricht
>> <CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg@mail.gmail.com>:
>>> https://sha‑mbles.github.io/ 
>>>
>>> Probably it's time to consider the deprecation of SHA1
>>
>> The question is how much existing OSes would be impressed by that,
>> meaning: If the OS can only handle SHA1, it does not help declaring it
>> obsolete...
> 
> The OS is completely and utterly irrelvant to the discussion. It has no 
> knowledge of the internal hashing mechanism used by OpenLDAP.

So you are assuming all systems are using the extended operation to
authenticate? Acually I've see code that reads the LDAP user's password and
then "combines" that with a password the user has entered.
In the former case the password encoding matters. I'm not saying the pattern
is good, but I've seen it.

> 
> ‑‑Quanah
> 
> ‑‑
> 
> Quanah Gibson‑Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>