Thanks all for all your advice. I am working on it ...
Alain
-----Original Message-----
From: Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de
Sent: Thursday, 9 June 2022 09:04
To: RAIMBAULT Alain - Contractor alain.raimbault@external.thalesgroup.com; quanah@fast-mail.org; openldap-technical@openldap.org
Subject: Antw: [EXT] RE: Failing to modify olcSizeLimit
Quanah Gibson-Mount quanah@fast-mail.org wrote on 08.06.2022 at 18:03
in message <1AA0097E3E4235DC5675E461@[192.168.1.17]>:
> discover that password. I'd also advise them to change it, since you publicly shared the SHA‑1 hash with the world. I'd also advise them to use
Ignoring weak passwords, what are realistic brute-force attack times on SSHA today? I also wonder whether trying brute-force is worth it as the poster could have swapped one or two characters in the BASE64 encoding before sending ;-)
> a more secure hashing function (At least SSHA512, or even better upgrade to
> a currently supported release of OpenLDAP and use ARGON2).
Personally I think weak passwords (or the handling of such) are much more of a security problem than SSH is. However, from the standpoint of an admin, you are better off using a strong hashing function, as it allows you to argue: It must be the user's fault if the password became available...
Regards, Ulrich
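
Added example, not part of the thread and not OpenLDAP code: it builds and verifies an `{SSHA}` value, shows that a value with two base64 characters swapped (the case raised in the reply above) no longer verifies against the real password, and rates `userPassword` schemes in the order the thread recommends. The function names are hypothetical, and the DNs, password, salt and placeholder values are constructed.

```python
import base64
import hashlib
import hmac

# Ranking follows the advice in the thread: SSHA < SSHA512 < ARGON2.
RATING = {"SSHA": "replace (salted SHA-1)", "SSHA512": "minimum advised",
          "ARGON2": "preferred"}

def split_scheme(value):
    """Split '{SCHEME}data' into (SCHEME, data); (None, value) if no prefix."""
    if value.startswith("{") and "}" in value:
        scheme, data = value[1:].split("}", 1)
        return scheme.upper(), data
    return None, value

def make_ssha(password, salt):
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(value, candidate):
    """Verify a candidate password against one {SSHA} value."""
    scheme, data = split_scheme(value)
    if scheme != "SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(data, validate=True)
    digest, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def swap_two_chars(value):
    """Swap the first two adjacent, differing base64 characters."""
    scheme, data = split_scheme(value)
    for i in range(len(data) - 1):
        if data[i] != data[i + 1]:
            data = data[:i] + data[i + 1] + data[i] + data[i + 2:]
            break
    return "{" + scheme + "}" + data

def audit(entries):
    """Map each DN to the rating of its userPassword scheme."""
    return {dn: RATING.get(split_scheme(v)[0], "review (no known scheme)")
            for dn, v in entries.items()}

# Constructed sample data, not values from the thread.
PASSWORD, SALT = b"constructed-example-password", b"\x01\x02\x03\x04"
STORED = make_ssha(PASSWORD, SALT)
ENTRIES = {"uid=a": STORED, "uid=b": "{SSHA512}constructed-placeholder",
           "uid=c": "{ARGON2}constructed-placeholder", "uid=d": "cleartext"}
```

Because the salt is stored in the clear after the digest, anyone holding the value can test candidate passwords offline, which is why the thread advises changing a password whose hash was posted.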