On Tue, Jun 04, 2013 at 10:49:27PM -0500, cbulist@gmail.com wrote:
We are already using overlay and it is working perfectly. Your point about MD5 is great!...but we have some requirements and the idea is use SSHA-512 for our password. I read some post from Michael talking about this problem and I know that there is a contrib module for SSHA-512.
It all depends on what you are protecting against and what you have to interwork with. The high-profile risk for most organisations is the theft of large numbers of username-password pairs, so I tend to focus on mitigating that risk.
For an indication of the relative strengths of various hash schemes, see Hashcat: http://hashcat.net/oclhashcat-plus/ (table near the bottom of the page).
On the basis of that table, SSHA-512 will gain you about a factor of 10 protection over SSHA1. A single PC with a mid-range graphics card can still try about 70,000,000 password guesses per second.
Remember that MD5 and the SHA series were designed to be *fast*. This is exactly the opposite of what you want when protecting passwords, so password hash schemes have to use delaying tactics on top.
If all your LDAP servers will run on Linux, Solaris, or similar OS then you can stay with $6$ like this:
password-hash {CRYPT} password-crypt-salt-format "$6$%.12s"
The result will be about 60,000 times harder to break than SSHA.
The $6$ hash uses SHA512, but does it many times. The effect is to reduce that single PC's attack rate to nearer 12,000 guesses per second. If your LDAP database gets compromised or someone steals your backup tapes then that extra protection could be very valuable.
Andrew