directory-dev mailing list archives

From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: Password hashed with SSHA-256 within ApacheDS (was: Re: Implementing a simple interceptor: Adding it to the chain)
Date Sun, 07 Feb 2010 16:49:32 GMT
Yeah, raise a JIRA. Implementing SHA-256 is probably a matter of minutes.

On Sun, Feb 7, 2010 at 5:23 PM, Stefan Zoerner <stefan@labeo.de> wrote:

> Hi Emmanuel!
>
> Emmanuel Lecharny wrote:
>
>> On 2/7/10 11:00 AM, Stefan Zoerner wrote:
>>
>>> Good morning Emmanuel!
>>>
>>> Emmanuel Lecharny wrote:
>>>
>>>> I will have a look at it tomorrow.
>>>>
>>>
>>> That would be great! Thanks!
>>>
>> Done !
>>
>
> Thanks a lot, I have taken into account all your great advice and modified the
> page a little bit:
>
>
> http://cwiki.apache.org/confluence/display/DIRxSBOX/Implementing+a+simple+interceptor
>
> Think, I can move it to the official documentation, if no one votes against
> that.
>
> But there is the "One last thing". You wrote:
>
> > One last thing : you should suggest to use SSHA-256, instead of MD5. MD5
> > is considered as weak : http://www.schneier.com/essay-074.html (so is
> > SSHA1, btw :-)
>
> This is a good hint, and it would be quite easy to configure the
> PasswordHashInterceptor like that. I tried it out, and the password has been
> stored encrypted with SSHA-256. Unfortunately, ApacheDS 1.5.5 does not
> authenticate users with passwords stored like that. SSHA-256 is not one of
> the supported hash algorithms, see class
> org.apache.directory.server.core.authn.SimpleAuthenticator and enum
> org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
>
> The same holds true for Apache Directory Studio, btw. It does not support
> this hash function.
>
> Should I raise a JIRA which addresses that? I think I would even be able to
> add that on my own to the server, if wished (at least I was able to find the
> place in the server code ;-).
>
> Greetings from Hamburg,
>    StefanZ
>
>
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
