Re: Revisiting the SHA1 default password hash
- To: openldap-devel@openldap.org
- Subject: Re: Revisiting the SHA1 default password hash
- From: Michael Ströder <michael@stroeder.com>
- Date: Fri, 24 Feb 2017 21:06:22 +0100
- In-reply-to: <B4A6086DCB7954D816BB8528@[192.168.1.30]>
- Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
- References: <B4A6086DCB7954D816BB8528@[192.168.1.30]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 SeaMonkey/2.46

Quanah Gibson-Mount wrote:
> I think it would be wise to update OpenLDAP to a different default for userPassword.

Yes!

> We currently have the Contrib SHA2 module,

SHA-2 hashes with one round are also way too fast to be a good password hash algorithm.

> It may be time to move the SHA2 module into core,

Yes, but there should be something stronger.
How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?

Ciao, Michael.

Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
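
The contrast raised in this message, a single salted hash pass versus an iterated PBKDF2 derivation, shown as an added example that is not part of the original message or of OpenLDAP's code. The `{PBKDF2-SHA256}iterations$salt$dk` layout with adapted base64 is an assumption about the contrib module's storage format, and the iteration count and passwords are constructed values.

```python
import base64
import hashlib
import hmac
import os

def ssha_hash(password, salt=None):
    # {SSHA}: base64(SHA1(password || salt) || salt), one SHA-1 pass per guess.
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def _ab64_encode(data):
    # Assumed "adapted base64": '.' replaces '+', padding dropped.
    return base64.b64encode(data, altchars=b"./").decode().rstrip("=")

def _ab64_decode(text):
    return base64.b64decode(text + "=" * (-len(text) % 4), altchars=b"./")

def pbkdf2_hash(password, salt=None, iterations=100_000):
    # The default iteration count is a constructed value; tune it to your hardware.
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return "{PBKDF2-SHA256}%d$%s$%s" % (iterations, _ab64_encode(salt), _ab64_encode(dk))

def pbkdf2_verify(password, stored):
    iterations, salt, dk = stored[len("{PBKDF2-SHA256}"):].split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password, _ab64_decode(salt), int(iterations))
    return hmac.compare_digest(candidate, _ab64_decode(dk))

def prf_calls_per_guess(stored):
    # Hash/HMAC invocations an offline guesser pays for each candidate password.
    if stored.startswith("{SSHA}"):
        return 1
    if stored.startswith("{PBKDF2-SHA256}"):
        return int(stored.split("}", 1)[1].split("$")[0])  # one HMAC per iteration
    raise ValueError("unknown scheme")

if __name__ == "__main__":
    for value in (ssha_hash(b"constructed-pw"), pbkdf2_hash(b"constructed-pw")):
        print(prf_calls_per_guess(value), value)
```

Both verifiers compare with `hmac.compare_digest`, so the only difference between the two schemes is the per-guess cost an attacker holding the stored values must pay.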