
Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512



Hi,

Please merge the additional patch:
https://www.osstech.co.jp/download/hamano/openldap-pbkdf2_nettle.patch

This patch includes nettle support and fixes an issue.
https://github.com/hamano/openldap-pbkdf2/pull/4
https://github.com/hamano/openldap-pbkdf2/pull/3

Thank you.

At Wed, 05 Nov 2014 11:57:33 +0000,
Howard Chu wrote:
> 
> Tsukasa HAMANO wrote:
> > Hi, Howard
> >
> > At Wed, 05 Nov 2014 09:32:43 +0000,
> > Howard Chu wrote:
> >>
> >> Any particular reason you've decreased the iterations from 60000 to 10000?
> >>
> >
> > It was too slow when stretching 60000 on a powerless server.
> > My tiny VM needed over 1sec when iterating 60000 times with PBKDF2-SHA512.
> > The RFC recommends more than 1000 iterations; 10000 iterations would be safe enough.
> > FYI: http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256
> 
> OK. I've committed it without any changes, thanks for the patch.
> 
> > It is desirable to be able to change the operator, but slappasswd does
> > not read slapd.conf so I was stuck.
> > I'm planning to change slappasswd to accept an iteration count in the future.
> > Thank you.
> >
> 
> 
> -- 
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/

-- 
Open Source Solution Technology Corporation
HAMANO Tsukasa <hamano@osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E  A5B9 16BE D101 6069 BE55
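
The iteration-count trade-off discussed in this thread (60000 versus 10000 for PBKDF2-SHA512 on a slow host) can be measured per machine. The following is an added example, not part of the original message or of the OpenLDAP module: it uses Python's standard `hashlib.pbkdf2_hmac`, and the function names, the 0.25 s budget and the record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

FLOOR = 10000  # assumption: never go below the count chosen in the thread


def time_pbkdf2(iterations, digest="sha512"):
    """Return wall-clock seconds for one PBKDF2 derivation at this count."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(digest, b"constructed-sample-password", salt, iterations)
    return time.perf_counter() - start


def calibrate(target_seconds, digest="sha512", probe=10000, floor=FLOOR):
    """Estimate the iteration count that costs about target_seconds on this host.

    PBKDF2 cost is linear in the iteration count, so one probe run is scaled
    to the budget. The best of three runs is used to damp scheduler noise.
    """
    per_probe = min(time_pbkdf2(probe, digest) for _ in range(3))
    estimate = int(probe * target_seconds / per_probe)
    return max(floor, estimate)


def hash_password(password, iterations, digest="sha512"):
    """Return (iterations, salt, derived_key); the count travels with the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(digest, password, salt, iterations)
    return iterations, salt, dk


def verify(password, record, digest="sha512"):
    """Re-derive with the stored count and salt, then compare in constant time."""
    iterations, salt, dk = record
    candidate = hashlib.pbkdf2_hmac(digest, password, salt, iterations)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    for count in (10000, 60000):
        print(count, "iterations:", round(time_pbkdf2(count), 3), "s")
    print("count for a 0.25 s budget:", calibrate(0.25))
```

Because each record keeps its own iteration count, hashes created at an older count still verify after the default is changed.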