--On Tuesday, January 14, 2020 9:12 AM +0100 Ulrich Windl
> As Howard already noted, what we're looking for is something
> Argon2, not further SSHA derivatives.
There may be a security benefit like going from paranoid to triple
paranoid, but for real life I think users' poor passwords and the
handling of those (keeping them in unsafe memory, fishing, post-it
stickers, etc.) gives real attackers easier means go "get the password".
The OpenLDAP Foundation can only take responsibility for its software, not
user habits. Security of the software it provides is a project priority.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: