
RE: RFC2256: userPassword



At 10:58 AM 6/29/99 -0700, Robert Allen wrote:
>The argument here is that having a bunch of world
>readable passwords IS the same as having cleartext passwords
>in today's world.

The counter argument is that userPasswords are bound to fall
into the wrong hands regardless of what access controls you
deploy.

A casual user given a cleartext password for another DN
is likely to use it.  A determined cracker who has thwarted
access controls to obtain a salted MD5/SHA1 hash of a
password likely won't waste time trying to crack the
hash.

Kurt