[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Openldap support SHA-256 or SHA-3.

To: <quanah@symas.com>,<giuseppe.demarco@unical.it>
Subject: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Tue, 14 Jan 2020 09:08:08 +0100
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <071D2235949B1A9339670C6A@[192.168.1.144]>
References: <CALm_Vjh4vgOBu8kZrJzRheAyqbZVL0OoE-nRAvc1z+nb-Eow9Q@mail.gmail. com> <67753E9A5A2A2945F035E0CC@192.168.1.144> <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com> <1C6038D9E08BE216B90B3FF4@[192.168.1.144]> <7209ad32-c522-bc3e-e863-a5ff72c18e8b@stroeder.com> <7180359711BF1270F919BD53@[192.168.1.144]> <930e4cf3-240f-155e-1cbc-c74f68b9ba3e@stroeder.com> <CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg@mail.gmail.com> <5E1C4F5D020000A1000363EE@gwsmtp.uni-regensburg.de> <071D2235949B1A9339670C6A@[192.168.1.144]>

>>> Quanah Gibson-Mount <quanah@symas.com> schrieb am 13.01.2020 um 17:14 in
Nachricht <071D2235949B1A9339670C6A@[192.168.1.144]>:

> 
> ‑‑On Monday, January 13, 2020 12:07 PM +0100 Ulrich Windl 
> <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
> 
>>>>> Giuseppe De Marco <giuseppe.demarco@unical.it> schrieb am 07.01.2020 um
>> 23:53
>> in Nachricht
>> <CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg@mail.gmail.com>:
>>> https://sha‑mbles.github.io/ 
>>>
>>> Probably it's time to consider the deprecation of SHA1
>>
>> The question is how much existing OSes would be impressed by that,
>> meaning: If the OS can only handle SHA1, it does not help declaring it
>> obsolete...
> 
> The OS is completely and utterly irrelvant to the discussion. It has no 
> knowledge of the internal hashing mechanism used by OpenLDAP.

So you are assuming all systems are using the extended operation to
authenticate? Acually I've see code that reads the LDAP user's password and
then "combines" that with a password the user has entered.
In the former case the password encoding matters. I'm not saying the pattern
is good, but I've seen it.

> 
> ‑‑Quanah
> 
> ‑‑
> 
> Quanah Gibson‑Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

Follow-Ups:
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>

References:
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Giuseppe De Marco <giuseppe.demarco@unical.it>
- Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Question about OpenLDAP and rwm overlay
Next by Date: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
Index(es):
- Chronological
- Thread