[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Openldap support SHA-256 or SHA-3.



>>> Quanah Gibson-Mount <quanah@symas.com> schrieb am 14.01.2020 um 17:01 in
Nachricht <AF994E73E7CA71E6735A3267@[192.168.1.144]>:

> 
> ‑‑On Tuesday, January 14, 2020 9:08 AM +0100 Ulrich Windl 
> <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
>>> The OS is completely and utterly irrelvant to the discussion. It has no
>>> knowledge of the internal hashing mechanism used by OpenLDAP.
>>
>> So you are assuming all systems are using the extended operation to
>> authenticate? Acually I've see code that reads the LDAP user's password
>> and then "combines" that with a password the user has entered.
>> In the former case the password encoding matters. I'm not saying the
>> pattern is good, but I've seen it.
> 
> Then the application is dependent on clear text passwords, not hashed 
> passwords, and again is irrelevant to this discussion.

If it were cleartext, there would not be issues with the hash algorithm used
IMHO.
No, we were talking about SSHA and sucessors.


> 
> ‑‑Quanah
> 
> 
> ‑‑
> 
> Quanah Gibson‑Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>