>>> Quanah Gibson-Mount <qua...@symas.com> schrieb am 08.01.2020 um 03:05 in Nachricht <CA17B510ABD069A7884B759C@[192.168.1.144]>:
> > --On Tuesday, January 7, 2020 11:25 PM +0100 Michael Ströder > <mich...@stroeder.com> wrote: > >> AFAICS RFC 3112 was never implemented in OpenLDAP. Thus I'd consider >> this to be rather irrelevant here. > > Incorrect, it's clearly implemented in slapd. Whether it's enabled is a > different question, as it's IFDEF'd behind SLAPD_AUTHPASSWD. ;) > > In any case, I've been advocating for several years now to get rid of SSHA > as the default hashing mechanism and replace it with something that may > actually have some security value. Is a "well-salted" SHA-1 really worse than a "poorely-salted" SHA-256? Isn't it all aboput the number of bits that have to be checked (brute-force)? > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com>
