--On Tuesday, January 14, 2020 9:12 AM +0100 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:
As Howard already noted, what we're looking for is something like Argon2, not further SSHA derivatives.
There may be a security benefit like going from paranoid to triple paranoid, but for real life I think users' poor passwords and the handling of those (keeping them in unsafe memory, phishing, post-it stickers, etc.) give real attackers easier means to "get the password".
The OpenLDAP Foundation can only take responsibility for its software, not user habits. Security of the software it provides is a project priority.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com