[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SHA-2 and other hashes
Howard, hello.
On 3 Jun 2019, at 15:07, Howard Chu wrote:
SHA-2 in any form is unsuitable for use as a password hash, simply
because it is too easy to compute.
At this point the best choice is the one that won the Password Hashing
Competition - Argon2.
https://github.com/P-H-C/phc-winner-argon2
That makes sense -- thanks.
Patches for adding this to OpenLDAP would of course be welcome.
I'm sure. However I fear I'm not going to be able to oblige in the
short term....
Best wishes,
Norman
--
Norman Gray : https://nxg.me.uk