Re: Change Defaulth ssha passoword encryption algorithm

[David Magda <dmagda@ee.ryerson.ca>]

> On Aug 25, 2016, at 19:54, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> 
> --On Thursday, August 25, 2016 8:46 PM -0400 David Magda <dmagda@ee.ryerson.ca> wrote:
> 
>> It depends on what your operating system's crypt(3) supports. Most
>> Linux/Unix system should support MD5crypt, but that is no longer
>> considered secure (per the original author, PHK).
> 
> Some crypt implementations are non-portable, so using crypt can be problematic.  Generally with the SSHA2 contrib module, there's not a need to go the crypt route.
> 
> More information at <https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/sha2>

True, though if all the OpenLDAP servers are running on some variant of Linux or FreeBSD 9 or newer, then SHA256-crypt and SHA512-crypt should be available. Folks from Sun and IBM helped with the creation, so Solaris (10u6 and newer) and I’m guessing some versions of AIX may support it as well (see "/etc/security/pwdalg.cfg”).

Also, unless I’m misreading the C code above (which is entirely possible), it looks like the sha2.c contrib module only does one iteration of hashing. Whereas the SHA2-based-crypt algorithm does at least five thousand by default, and can optionally be told to do unto 999,999,999.

Also, straight SHA2, even with salting, is going to fall quite quickly to John the Ripper and such. The SHA2crypt has been designed specifically to be slow for the purposes of securely storing password hashes.