RE: RFC2256: userPassword

[John Schnizlein <jschnizl@cisco.com>]

At 03:03 PM 6/29/99 -0700, Paul Leach wrote:
>
>
>> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
>> At 02:07 PM 6/29/99 -0700, Howard Chu wrote:
>> >How do you store the key that's used to encrypt
>> >the userPassword?
>> 
>> When using one-way hash algorithms, you don't decrypt.
>> The server only needs to record the value of the hash and the salt
>> (if used).
>> 
>> 	if Hash(password, Salt(userPassword)) equals userPassword
>> 		approve
>> 	else
>> 		disapprove
>> 
>> where password is the password supplied with the bind operation,
>> userPassword is the recorded "encrypted" value, and Salt() extracts
>> the salt from the recorded value, and Hash generates an "encrypted"
>> value (with embedded salt).
>
>And I'll say again -- this is not secure enough for today's world. If the
>above Hash is very fast, then it is easy to test trillions of candidate
>passwords against the stored userPassword attribute.

What is more, the value of using a generally accessible directory,
instead of a proprietary database, for the password is lost if only
the authenticator has the hash parameters. The benefit for users is
that a different (e.g. Web) system could be used to change passwords.

The cost of losing shared (authorized) access to the password attribute
should be weighed against the benefit of the threats it protects against.

John