[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: sha2 module and 2.4.39, iterations question

To: "bitsofinfo" <bitsofinfo.g@gmail.com>, <openldap-technical@openldap.org>
Subject: Antw: sha2 module and 2.4.39, iterations question
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Fri, 05 Sep 2014 08:13:46 +0200
Content-disposition: inline
In-reply-to: <5408AD51.9060209@gmail.com>
References: <5408AD51.9060209@gmail.com>

>>> bitsofinfo <bitsofinfo.g@gmail.com> schrieb am 04.09.2014 um 20:20 in Nachricht
<5408AD51.9060209@gmail.com>:
> Hi -
> openldap version = 2.4.39
> 
> With:
> moduleload      pw-sha2.la
> 
> I have an application that generates SHA256 b64 encoded hashes w/ a
> 4byte (16bit) salt and stores them in userPassword and binds work fine
> 
> When I add this to slapd.conf:
> 
> password-crypt-salt-format $5$rounds=1000$%.16s

Isn't that passed to crypt(3) of glibc? If so, the format seems to be
$id$salt$encrypted
And the length of the salt seems to be fixed (86 characters!)

Regards,
Ulrich

> 
> And change my application to add 1000 iterations when it writes to
> userPassword, then binds fail
> 
> pw in userPassword is generated in this format:
> {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
> 
> Is "password-crypt-salt-format" the correct place to specify we want to
> use iterations on our hashes? Is this configurable?

References:
- sha2 module and 2.4.39, iterations question
  - From: bitsofinfo <bitsofinfo.g@gmail.com>

Prev by Date: Re[4]: Trying to Mirror 2 OpenLDAP servers
Next by Date: Antw: sha2 module and 2.4.39, iterations question
Index(es):
- Chronological
- Thread