bitsofinfo bitsofinfo.g@gmail.com wrote on 04.09.2014 at 20:20 in message
Hi - openldap version = 2.4.39
With: moduleload pw-sha2.la
I have an application that generates SHA256 b64-encoded hashes w/ a 4-byte (16bit) salt and stores them in userPassword, and binds work fine.
When I add this to slapd.conf:
password-crypt-salt-format $5$rounds=1000$%.16s
Isn't that passed to crypt(3) of glibc? If so, the format seems to be $id$salt$encrypted. And the length of the salt seems to be fixed (86 characters!).
Regards, Ulrich
And change my application to add 1000 iterations when it writes to userPassword, then binds fail.
pw in userPassword is generated in this format: {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
Is "password-crypt-salt-format" the correct place to specify we want to use iterations on our hashes? Is this configurable?
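
An added example (not from the thread and not OpenLDAP's own code): a Python model of single-pass {SSHA256} verification, where the stored value is base64(SHA256(password + salt) + salt), showing why a value produced with extra iterations cannot match at bind time. The iteration method in `iterated_ssha256`, the function names, and the sample password and salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def ssha256(password: bytes, salt: bytes) -> str:
    """Single-pass salted SHA-256: base64(SHA256(password + salt) + salt)."""
    digest = hashlib.sha256(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def iterated_ssha256(password: bytes, salt: bytes, rounds: int) -> str:
    """Hypothetical application-side variant: re-hash the digest `rounds` times.

    The thread does not say how the 1000 iterations are applied; this
    chaining is an assumption. The stored value carries no round count.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_single_pass(password: bytes, stored: str) -> bool:
    """Model of a single-pass check: split digest and salt, hash once, compare."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:
        return False
    if len(raw) <= DIGEST_LEN:  # no salt bytes present
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = b"correct horse"            # constructed sample password
    salt = bytes.fromhex("a1b2c3d4")  # constructed 4-byte salt
    print(verify_single_pass(pw, ssha256(pw, salt)))
    print(verify_single_pass(pw, iterated_ssha256(pw, salt, 1000)))
```

slapd.conf(5) describes `password-crypt-salt-format` as the salt format passed to crypt(3) when generating {CRYPT} passwords, so it has no effect on how {SSHA256} values are checked.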