--On Tuesday, January 7, 2020 10:44 AM -0800 rammohan ganapavarapu rammohanganap@gmail.com wrote:
> Does OpenLDAP support SHA-256 or SHA-3 schemes to address the below issues?
There is a module in contrib that is included with most vendor builds that allows up to SSHA512. I've long suggested using it. The default of SSHA1 is mandated by RFC (which IMHO needs updating at this point).
Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Quanah Gibson-Mount wrote:
> --On Tuesday, January 7, 2020 10:44 AM -0800 rammohan ganapavarapu rammohanganap@gmail.com wrote:
>> Does OpenLDAP support SHA-256 or SHA-3 schemes to address the below issues?
> There is a module in contrib that is included with most vendor builds that allows up to SSHA512. I've long suggested using it. The default of SSHA1 is mandated by RFC (which IMHO needs updating at this point).
Just to note, both SHA2 and SHA3 are designed to be cheap to compute and easy to implement in hardware. Neither of these are desirable properties for a password hash. At this point we should only be talking about Argon2, which won the password hashing competition.
https://github.com/P-H-C/phc-winner-argon2
As always - patches welcome.
Hello,
Could this project https://github.com/sonOfRa/openldap/tree/argon2/contrib/slapd-modules/passwd... be an answer to this, or is it off topic?
Regards,
On 08/01/20 00:47, Howard Chu hyc@symas.com wrote:
> Quanah Gibson-Mount wrote:
>> --On Tuesday, January 7, 2020 10:44 AM -0800 rammohan ganapavarapu rammohanganap@gmail.com wrote:
>>> Does OpenLDAP support SHA-256 or SHA-3 schemes to address the below issues?
>> There is a module in contrib that is included with most vendor builds that allows up to SSHA512. I've long suggested using it. The default of SSHA1 is mandated by RFC (which IMHO needs updating at this point).
> Just to note, both SHA2 and SHA3 are designed to be cheap to compute and easy to implement in hardware. Neither of these are desirable properties for a password hash. At this point we should only be talking about Argon2, which won the password hashing competition.
> https://github.com/P-H-C/phc-winner-argon2
> As always - patches welcome.
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
--
Frederic Poisson
On Wed, Jan 08, 2020 at 01:52:11PM +0100, "POISSON Frédéric" wrote:
> Hello,
> Could this project https://github.com/sonOfRa/openldap/tree/argon2/contrib/slapd-modules/passwd... be an answer to this, or is it off topic?
This is being tracked in ITS#8575 and should be part of 2.5 release.
openldap-technical@openldap.org
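
Added example, not part of any message in this thread and not OpenLDAP code: a Python illustration of how the salted schemes named above are built and checked (base64 of the digest followed by the salt), showing that verification costs a single hash call, plus a classifier for auditing userPassword values. The `{ARGON2}` prefix, the function names and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Salted schemes named in the thread: value is base64(digest || salt).
SALTED = {"SSHA": (hashlib.sha1, 20), "SSHA512": (hashlib.sha512, 64)}
# Assumed prefix for Argon2 values; not taken from the thread.
MEMORY_HARD = {"ARGON2"}


def split_scheme(value):
    """Split '{SCHEME}data' into (SCHEME, data); (None, value) if no prefix."""
    if value.startswith("{") and "}" in value:
        scheme, _, data = value[1:].partition("}")
        return scheme.upper(), data
    return None, value


def make_salted(scheme, password, salt=None):
    """Build a salted value; used here only to construct sample data."""
    hash_fn, _ = SALTED[scheme]
    salt = os.urandom(8) if salt is None else salt
    digest = hash_fn(password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def verify_salted(value, password):
    """Check a password against an {SSHA}/{SSHA512} value: one hash call."""
    scheme, data = split_scheme(value)
    if scheme not in SALTED:
        raise ValueError("not a salted SHA scheme: %r" % scheme)
    hash_fn, size = SALTED[scheme]
    raw = base64.b64decode(data, validate=True)
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or not salt:
        raise ValueError("truncated value or missing salt")
    return hmac.compare_digest(hash_fn(password + salt).digest(), digest)


def classify(value):
    """Label a userPassword value for an audit report."""
    scheme, _ = split_scheme(value)
    if scheme is None:
        return "cleartext"
    if scheme in MEMORY_HARD:
        return "memory-hard"
    return "fast-hash" if scheme in SALTED else "unknown"
```

Running `classify` over the userPassword values of an export gives a quick count of entries still on single-pass salted SHA schemes versus a memory-hard scheme.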