[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Revisiting the SHA1 default password hash

Quanah Gibson-Mount wrote:
> I think it would be wise to update OpenLDAP to a different default for userPassword.  


> We currently have the Contrib SHA2 module,

SHA-2 hashes with one round are also way too fast to be a good password hash algorithm.

> It may be time to move the SHA2 module into core,

Yes, but there should be something stronger.

How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature