24 Feb
2017
24 Feb
'17
12:32 p.m.
Michael Ströder wrote:
Quanah Gibson-Mount wrote:
I think it would be wise to update OpenLDAP to a different default for userPassword.
Yes!
We currently have the Contrib SHA2 module,
SHA-2 hashes with one round are also way too fast to be a good password hash algorithm.
It may be time to move the SHA2 module into core,
Yes, but there should be something stronger.
How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?
Yeah at this point we can probably bypass SHA2 and just go straight to SHA3. There's a lot of crypto software out there already using it. pbkdf2 is still using SHA2.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2828
Age (days ago)
2828
Last active (days ago)
0 comments
1 participants
participants (1)
-
Howard Chu