Full_Name: Simon Levermann
Version:
OS:
URL: ftp://ftp.openldap.org/incoming/simon-levermann-170126.patch
Submission from: (NULL) (2001:638:708:f002:deab:9ae4:7f07:d350)

This patch adds a password hashing module for the argon2 function to the contrib/slapd-modules/passwd/ modules. Argon2 is a relatively new hash function which has won the Password Hashing Competition (https://password-hashing.net)

The attached patch file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Simon Levermann simon@slevermann.de. I have not assigned rights and/or interest in this work to any party.

I, Simon Levermann, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
--On Thursday, January 26, 2017 1:36 PM +0000 simon@slevermann.de wrote:

> This patch adds a password hashing module for the argon2 function to the
> contrib/slapd-modules/passwd/ modules. Argon2 is a relatively new hash
> function which has won the Password Hashing Competition
> (https://password-hashing.net)

Discussed with Simon in IRC, he is going to look at making the modifications necessary so that this module can also use libsodium.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
moved from Incoming to Contrib
Hi,

Is there any progress on a libsodium-based module? Or is there any chance that the current version be integrated as-is ("one is better than none")?

Regards,
--
Raphael Geissert
Hi,

I have essentially given up on doing this, because I no longer work for the employer that had me work on this, and at the time I did, I never got the thing done. The code itself worked when I tried it, but it has the caveat of not being configurable. I never quite found out how to properly implement configuration of a module that isn't an overlay, so I never got that done. Feel free to adjust the existing code, it should be adaptable to libsodium relatively easily.

Cheers,
Simon

On 31.01.2019 at 16:17, Raphael Geissert wrote:

> Hi,
>
> Is there any progress on a libsodium-based module? Or is there any
> chance that the current version be integrated as-is ("one is better
> than none")?
>
> Regards,
On Thu, Jan 31, 2019 at 03:20:22PM +0000, simon@slevermann.de wrote:

> Hi,
>
> I have essentially given up on doing this, because I no longer work for
> the employer that had me work on this, and at the time I did, I never
> got the thing done. The code itself worked when I tried it, but it has
> the caveat of not being configurable. I never quite found out how to
> properly implement configuration of a module that isn't an overlay, so I
> never got that done. Feel free to adjust the existing code, it should be
> adaptable to libsodium relatively easily.

An implementation using libsodium is now available at https://github.com/mistotebe/openldap/tree/its8575-argon

Not configurable yet as to what parameters are chosen when a plaintext password is being hashed, however.

Regards,

--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation
http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
On Mon, Nov 11, 2019 at 05:48:05PM +0000, ondra@mistotebe.net wrote:

> An implementation using libsodium is now available at
> https://github.com/mistotebe/openldap/tree/its8575-argon
>
> Not configurable yet as to what parameters are chosen when a plaintext
> password is being hashed, however.

That branch now supports parameters being passed in at module load time. It won't help slappasswd as that one doesn't know how to pass parameters to modules but that is a different issue.

--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation
http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
Ondrej, please update the bug's status as appropriate, thanks!
Committed to master at af5ed7c6e27d596dbed440c9a20c2f28f125f846 and previous