Re: SSHA as default password-hash in next password change

On Tue, Jun 04, 2013 at 10:49:27PM -0500, cbulist@gmail.com wrote:

> We are already using overlay and it is working perfectly.
> Your point about MD5 is great! ...but we have some requirements and the
> idea is to use SSHA-512 for our password.
> I read some posts from Michael talking about this problem and I know that
> there is a contrib module for SSHA-512.

It all depends on what you are protecting against and what you have to
interwork with. The high-profile risk for most organisations is the
theft of large numbers of username-password pairs, so I tend to focus
on mitigating that risk.

> > For an indication of the relative strengths of various hash schemes, see
> > Hashcat: http://hashcat.net/oclhashcat-plus/ (table near the bottom of the
> > page).

On the basis of that table, SSHA-512 will gain you about a factor of
10 protection over SSHA1. A single PC with a mid-range graphics card
can still try about 70,000,000 password guesses per second.

Remember that MD5 and the SHA series were designed to be *fast*.
This is exactly the opposite of what you want when protecting
passwords, so password hash schemes have to use delaying tactics on
top.

> > If all your LDAP servers will run on Linux, Solaris, or similar OS then you
> > can stay with $6$ like this:
> >
> > password-hash {CRYPT}
> > password-crypt-salt-format "$6$%.12s"
> >
> > The result will be about 60,000 times harder to break than SSHA.

The $6$ hash uses SHA512, but does it many times. The effect is to
reduce that single PC's attack rate to nearer 12,000 guesses per
second. If your LDAP database gets compromised or someone steals your
backup tapes then that extra protection could be very valuable.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
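As an added illustration of the three schemes compared in this thread (example code, not from the thread or from OpenLDAP), the Python below builds and verifies userPassword values in the single-pass {SSHA} and {SSHA512} forms and in the {CRYPT} $6$ form, deriving the crypt setting string from a password-crypt-salt-format value the way slapd does. The crypt module is Python's standard wrapper around crypt(3); the helper names and the way the salt is modelled are this example's own assumptions.

```python
import base64
import hashlib
import os
import secrets

try:
    import crypt  # stdlib on Unix through Python 3.12; removed in 3.13
except ImportError:
    crypt = None

# Salt alphabet crypt(3) accepts; slapd draws its random salt from these characters.
CRYPT64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Single-pass salted schemes: {SSHA} is SHA-1, {SSHA512} is the contrib SHA-512 module.
DIGESTS = {"SSHA": hashlib.sha1, "SSHA512": hashlib.sha512}

def salted_hash(password, scheme="SSHA", salt=None):
    """Return {SCHEME}base64(digest(password + salt) + salt): one digest call per guess."""
    salt = os.urandom(8) if salt is None else salt
    digest = DIGESTS[scheme](password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def crypt_salt(salt_format="$6$%.12s"):
    """Build the setting string as password-crypt-salt-format does: random crypt64
    characters replace %s, so "%.12s" keeps 12 of them (assumption: modelled on
    lutil's hash_crypt, which snprintf()s the format over a random salt)."""
    return salt_format % "".join(secrets.choice(CRYPT64) for _ in range(31))

def _crypt(password, setting):
    # crypt(3) wrapper; None if sha512crypt ($6$) is unavailable on this platform.
    if crypt is None:
        return None
    try:
        out = crypt.crypt(password, setting)
    except OSError:
        return None
    return out if out and out.startswith("$6$") else None

def crypt_hash(password, salt_format="$6$%.12s"):
    """{CRYPT} with $6$: sha512crypt, which iterates SHA-512 5000 times by default."""
    out = _crypt(password, crypt_salt(salt_format))
    return None if out is None else "{CRYPT}" + out

def verify(password, stored):
    """Check a userPassword value in any of the schemes produced above."""
    scheme, _, body = stored[1:].partition("}")
    if scheme == "CRYPT":
        out = _crypt(password, body)  # the stored hash doubles as the setting string
        return out is not None and secrets.compare_digest(out, body)
    blob = base64.b64decode(body)
    size = DIGESTS[scheme]().digest_size
    digest, salt = blob[:size], blob[size:]
    return secrets.compare_digest(DIGESTS[scheme](password.encode() + salt).digest(), digest)
```

crypt_hash returns None where the platform's crypt(3) lacks the $6$ method, which is exactly the interworking constraint the thread raises about non-Linux servers.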