Re: scrypt ASICs - litecoin N, r, p settings - Re: Revisiting the SHA1 default password hash
- To: openldap-devel@openldap.org
- Subject: Re: scrypt ASICs - litecoin N, r, p settings - Re: Revisiting the SHA1 default password hash
- From: Emily Backes <ebackes@symas.com>
- Date: Tue, 7 Mar 2017 12:13:40 -0600 (CST)
> Requiring 1GB for a password hash will preclude using it on small devices,
> e.g. raspberry pi.
>
> Even 16MB is excessive.
It's sounding like the newer and more complicated hashes have a lot of configurable features that may need site-local tuning. Should these be part of e.g. slapd.conf config or be settings embedded in the value format for later clarity, like
{HASHNAME:attr=val,attr=val,attr=val}SnVzdCBhbiBleGFtcGxlLCBzaWxseQ==
Considering the size of some of these newfangled hashes, attribute length doesn't look to be a relevant concern any longer. Realistically this would probably be a better way to express things like salt values in addition to the iteration counts and so on. If a structured value is what we really want there, BER might be more appropriate, possibly with a leading {EXTENDED-STRUCTURE} hash declaration.
--
Emily Backes
Symas Corporation
ebackes@symas.com
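
A worked version of the self-describing value format proposed in the message above, added here as an example; it is not part of the original message and not OpenLDAP code. The `SCRYPT` scheme name, the `N`, `r`, `p` and `salt` attribute names, and the 16 MiB cap are assumptions chosen for illustration. Because the cost parameters travel with the stored value, the verifier checks them against a site-local memory budget before computing anything.

```python
import base64, hashlib, hmac, re

# Hypothetical format following the shape proposed in the message:
#   {SCRYPT:N=1024,r=8,p=1,salt=<base64>}<base64 digest>
# Scheme and attribute names are assumptions, not an existing OpenLDAP format.
VALUE_RE = re.compile(r"^\{([A-Z0-9-]+):([^{}]*)\}([A-Za-z0-9+/]+=*)$")
MAX_MEM = 16 * 1024 * 1024  # site-local cap on scrypt memory, in bytes

def parse(value):
    """Split a stored value into (scheme, attrs dict, digest bytes)."""
    m = VALUE_RE.match(value)
    if not m:
        raise ValueError("malformed hash value")
    attrs = {}
    for pair in m.group(2).split(","):
        key, sep, val = pair.partition("=")  # base64 '=' padding stays in val
        if not sep or not key or key in attrs:
            raise ValueError("bad or duplicate attribute: %r" % pair)
        attrs[key] = val
    return m.group(1), attrs, base64.b64decode(m.group(3), validate=True)

def encode(password, salt, n=1024, r=8, p=1, dklen=32):
    """Hash a password and embed the parameters used in the stored value."""
    dk = hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=dklen)
    b64 = lambda b: base64.b64encode(b).decode()
    return "{SCRYPT:N=%d,r=%d,p=%d,salt=%s}%s" % (n, r, p, b64(salt), b64(dk))

def verify(password, value):
    """Recompute the hash using the parameters embedded in the value."""
    scheme, attrs, digest = parse(value)
    if scheme != "SCRYPT" or set(attrs) != {"N", "r", "p", "salt"}:
        return False
    n, r, p = int(attrs["N"]), int(attrs["r"]), int(attrs["p"])
    # Reject invalid or over-budget parameters before doing any work:
    # scrypt needs roughly 128 * r * (N + p) bytes.
    if n < 2 or n & (n - 1) or r < 1 or p < 1 or 128 * r * (n + p) > MAX_MEM:
        return False
    salt = base64.b64decode(attrs["salt"], validate=True)
    dk = hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                        maxmem=2 * MAX_MEM, dklen=len(digest))
    return hmac.compare_digest(dk, digest)

if __name__ == "__main__":
    stored = encode(b"correct horse", b"constructed-salt")  # constructed input
    print(stored, verify(b"correct horse", stored))
```

A value rewritten to `N=1048576` (about 1 GiB at `r=8`) is rejected by the budget check without allocating memory, which is the small-device concern raised in the quoted text.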