[Date Prev][Date Next] [Chronological] [Thread] [Top]

Modern Password Hashes in Openldap?

To: openldap-technical@openldap.org
Subject: Modern Password Hashes in Openldap?
From: Chris Hiestand <chiestand@salk.edu>
Date: Mon, 29 Apr 2013 15:28:15 -0700

Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or the like with key stretching. Since Openldap does not support relatively strong hashes, do you guys use SASL to store stronger hashes? If so, what kind of backend are you using to store hashes?

Background:
OclHashcat can generate tens of billions of SHA-1 hashes per second with off-the-shelf hardware. But it can only generate thousands of bcrypt hashes per second on similar hadware: https://hashcat.net/forum/thread-1541.html .

Follow-Ups:
- Re: Modern Password Hashes in Openldap?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: RE: Chaining stops working after slapd restart
Next by Date: Re: Modern Password Hashes in Openldap?
Index(es):
- Chronological
- Thread