Quanah Gibson-Mount wrote:
> --On Friday, February 24, 2017 9:06 PM +0100 Michael Ströder
>> Quanah Gibson-Mount wrote:
>>> I think it would be wise to update OpenLDAP to a different default for
>>> We currently have the Contrib SHA2 module,
>> SHA-2 hashes with one round are also way too fast to be a good password
>> hash algorithm.
>>> It may be time to move the SHA2 module into core,
>> Yes, but there should be something stronger.
> Did you just skip entirely past the point where I said:
> "but there has been some discussion of the limitations of the current SHA2 module in
> the past that would likely need addressing"
Sorry, it seems I misread your sentence: I assumed you're talking about concrete
deficiencies of the implementation in ./contrib/slapd-modules/passwd/sha2.
I was referring to the strength of the password hashing scheme.
> And yes, perhaps PBKDF2 should be in core as well. ;)
Would be nice.