sha2 module and 2.4.39, iterations question
- To: openldap-technical@openldap.org
- Subject: sha2 module and 2.4.39, iterations question
- From: bitsofinfo <bitsofinfo.g@gmail.com>
- Date: Thu, 04 Sep 2014 14:20:01 -0400
Hi -
openldap version = 2.4.39
With:
moduleload pw-sha2.la
I have an application that generates SHA256 b64 encoded hashes w/ a
4byte (16bit) salt and stores them in userPassword, and binds work fine.
When I add this to slapd.conf:
password-crypt-salt-format $5$rounds=1000$%.16s
And change my application to add 1000 iterations when it writes to
userPassword, then binds fail.
pw in userPassword is generated in this format:
{SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
Is "password-crypt-salt-format" the correct place to specify we want to
use iterations on our hashes? Is this configurable?
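
Added example (not part of the original post, and not OpenLDAP's code): a sketch of the {SSHA256} layout quoted above, showing that a verifier which hashes password+salt once cannot match a digest the writer iterated, since the stored value carries only the digest and the salt. It assumes the server checks {SSHA256} with a single SHA-256 pass, and it reads "1000 iterations" as re-hashing the digest 999 more times; the function names and sample values are constructed.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_ssha256(password: bytes, salt: bytes, iterations: int = 1) -> str:
    """Build {SSHA256}b64(digest + salt), the layout given in the post.

    iterations > 1 re-hashes the digest; that is an assumed reading of
    the post's "sha256Digest1000Iterations", not a defined scheme.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_ssha256(stored: str, password: bytes) -> bool:
    """Single-pass check (assumed server behaviour for {SSHA256})."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= DIGEST_LEN:
        return False  # digest only, no salt appended
    # Nothing in the stored value records an iteration count:
    # the bytes after the digest are all salt.
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw, salt = b"secret", bytes.fromhex("01020304")  # constructed sample
    once = make_ssha256(pw, salt)
    iterated = make_ssha256(pw, salt, iterations=1000)
    print("single pass :", once, "->", check_ssha256(once, pw))
    print("1000 passes :", iterated, "->", check_ssha256(iterated, pw))
```
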