[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Openldap support SHA-256 or SHA-3.

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, michael@stroeder.com
Subject: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 14 Jan 2020 08:02:30 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com E7C62CE697
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1579017749; bh=I5icbpPssKcdr5BN3ARY1KgwKjdXjBovqOA2spyoZ9Y=; h=Date:From:To:Message-ID:MIME-Version; b=K21uYBYuNnv/KqI68yEIphZjPnExvWvwOiHOpaXjo44zwPeKfOrrdgdD+wmEfc3Mu 8pBqm9T60d1tIWFQsw7mQxb2povfhYDx+aP9M7gKfeEhnPPsgeH1E+QhEIBo2d0hqw i6gTw1Pbh1a//9DrNzfgqP1eXzTYfwSr/cFxXM9xPd5iC6fHhyZWgxPMHignAkl0mx nC15MtKfjToQu21kJ7rpeNkPgEL9kRUrgCaLiqxW/rbQMYfH+mmsH6sgnTLCJqqICK BlGepEQ7EXZ8yjMdisoAm++KIMl2b/JfHyHGlpxa7Lo/z8ylO28xKrqu/vggAtR6dF 06PGoKE9SlQhw==
In-reply-to: <5E1D780A020000A1000364C1@gwsmtp.uni-regensburg.de>
References: <CALm_Vjh4vgOBu8kZrJzRheAyqbZVL0OoE-nRAvc1z+nb-Eow9Q@mail.gmail. com> <67753E9A5A2A2945F035E0CC@192.168.1.144> <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com> <1C6038D9E08BE216B90B3FF4@[192.168.1.144]> <7209ad32-c522-bc3e-e863-a5ff72c18e8b@stroeder.com> <7180359711BF1270F919BD53@[192.168.1.144]> <930e4cf3-240f-155e-1cbc-c74f68b9ba3e@stroeder.com> <CA17B510ABD069A7884B759C@[192.168.1.144]> <5E1C4FF9020000A1000363F4@gwsmtp.uni-regensburg.de> <A3800A014D08046DDE90E71C@[192.168.1.144]> <5E1D780A020000A1000364C1@gwsmtp.uni-regensburg.de>

--On Tuesday, January 14, 2020 9:12 AM +0100 Ulrich Windl<Ulrich.Windl@rz.uni-regensburg.de> wrote:

As Howard already noted, what we're looking for is something like
Argon2,  not further SSHA derivatives.


There may be a security benefit like going from paranoid to triple
paranoid, but for real life I think users' poor passwords and the
handling of those (keeping them in unsafe memory, fishing, post-it
stickers, etc.) gives real attackers easier means go "get the password".

The OpenLDAP Foundation can only take responsibility for its software, notuser habits. Security of the software it provides is a project priority.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
Next by Date: Re: Segmentation Fault on ldap_chain_op
Index(es):
- Chronological
- Thread