openldap-bugs November 2014

openldap-bugs@openldap.org

15 participants
43 discussions

Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512
by hamano＠osstech.co.jp 05 Nov '14

05 Nov '14

Hi, Howard At Wed, 05 Nov 2014 09:32:43 +0000, Howard Chu wrote: > > Any particular reason you've decreased the iterations from 60000 to 10000? > It was too slow when stretching 60000 on powerless server. My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512. RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations. FYI: http://security.stackexchange.com/questions/3959/recommended-of-iterations-… It is desirable to be able to change the operator, but slapasswd does not read slapd.conf so I was stuck. I'm planning to change slappasswd that accept iteration count in the future. Thank you. -- Open Source Solution Technology Corporation HAMANO Tsukasa <hamano(a)osstech.co.jp> fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55

1 0

Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512
by hyc＠symas.com 05 Nov '14

05 Nov '14

hamano(a)osstech.co.jp wrote: > Full_Name: HAMANO Tsukasa > Version: git master > OS: GNU/Linux > URL: https://www.osstech.co.jp/download/hamano/openldap-pbkdf2_sha2.patch > Submission from: (NULL) (240b:10:2640:bf0:426c:8fff:fe50:23a8) > > > I've supported new schemes PBKDF2-SHA256 and PBKDF2-SHA512. > Thank you. Any particular reason you've decreased the iterations from 60000 to 10000? > > -- > The attached patch file is derived from OpenLDAP Software. All of the > modifications to OpenLDAP Software represented in the following > patch(es) were developed by HAMANO Tsukasa <hamano(a)osstech.co.jp>. I > have not assigned rights and/or interest in this work to any party. > > Copyright 2014 HAMANO Tsukasa <hamano(a)osstech.co.jp> > Redistribution and use in source and binary forms, with or without > modification, e e permitted only as authorized by the OpenLDAP Public > License. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512
by hamano＠osstech.co.jp 05 Nov '14

05 Nov '14

Full_Name: HAMANO Tsukasa Version: git master OS: GNU/Linux URL: https://www.osstech.co.jp/download/hamano/openldap-pbkdf2_sha2.patch Submission from: (NULL) (240b:10:2640:bf0:426c:8fff:fe50:23a8) I've supported new schemes PBKDF2-SHA256 and PBKDF2-SHA512. Thank you. -- The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by HAMANO Tsukasa <hamano(a)osstech.co.jp>. I have not assigned rights and/or interest in this work to any party. Copyright 2014 HAMANO Tsukasa <hamano(a)osstech.co.jp> Redistribution and use in source and binary forms, with or without modification, e e permitted only as authorized by the OpenLDAP Public License.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs November 2014