Quanah Gibson-Mount quanah@symas.com schrieb am 13.01.2020 um 17:14 in
Nachricht <071D2235949B1A9339670C6A@[192.168.1.144]>:
‑‑On Monday, January 13, 2020 12:07 PM +0100 Ulrich Windl <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
Giuseppe De Marco giuseppe.demarco@unical.it schrieb am 07.01.2020 um
23:53 in Nachricht CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg@mail.gmail.com:
https://sha%E2%80%91mbles.github.io/
Probably it's time to consider the deprecation of SHA1
The question is how much existing OSes would be impressed by that, meaning: If the OS can only handle SHA1, it does not help declaring it obsolete...
The OS is completely and utterly irrelvant to the discussion. It has no knowledge of the internal hashing mechanism used by OpenLDAP.
So you are assuming all systems are using the extended operation to authenticate? Acually I've see code that reads the LDAP user's password and then "combines" that with a password the user has entered. In the former case the password encoding matters. I'm not saying the pattern is good, but I've seen it.
‑‑Quanah
‑‑
Quanah Gibson‑Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com