Re: Antw: Re: Openldap support SHA-256 or SHA-3.
>> Quanah Gibson-Mount <quanah(a)symas.com> schrieb am
13.01.2020 um 17:14 in
Nachricht <071D2235949B1A9339670C6A(a)[192.168.1.144]>:
‑‑On Monday, January 13, 2020 12:07 PM +0100 Ulrich Windl
<Ulrich.Windl(a)rz.xn--uniregensburg-dm6g.de> wrote:
>>>> Giuseppe De Marco <giuseppe.demarco(a)unical.it> schrieb am
07.01.2020 um
> 23:53
> in Nachricht
> <CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg(a)mail.gmail.com>:
>> https://sha‑mbles.github.io/
>>
>> Probably it's time to consider the deprecation of SHA1
>
> The question is how much existing OSes would be impressed by that,
> meaning: If the OS can only handle SHA1, it does not help declaring it
> obsolete...
The OS is completely and utterly irrelvant to the discussion. It has no
knowledge of the internal hashing mechanism used by OpenLDAP.
So you are assuming all systems are using the extended operation to
authenticate? Acually I've see code that reads the LDAP user's password and
then "combines" that with a password the user has entered.
In the former case the password encoding matters. I'm not saying the pattern
is good, but I've seen it.
‑‑Quanah
‑‑
Quanah Gibson‑Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>