directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thilo-Alexander Ginkel <th...@ginkel.com>
Subject [ApacheDS] Questions regarding possible BCrypt support for hashed passwords
Date Sat, 25 Feb 2017 17:31:06 GMT
 Hello everyone,

I have been asked on IRC to address this question to the mailing list,
so here we go...

First, a brief background: I have an existing user directory, which
does not use LDAP and stores its passwords as bcrypt hashes. I'd like
to migrate this directory to LDAP using ApacheDS as backend without
having all users to reset their passwords.

So considering that ApacheDS currently does not support BCrypt, I
thought about adding such support and contributing it throgh a pull
request.

Upfront, there are a couple of questions, though, which I'd like to
clarify to improve the chances for the PR to be accepted. ;-)

1. There is an existing BCrypt implementation for Java, jBCrypt [1, 2]
licensed under the ISC license, which is compatible with the Apache
License 2.0 according to [3]. Do you consider it acceptable to
introduce a new dependency to support a new encryption algorithm?
AFAICS the dependency would need to be added to
org.apache.directory.api:api-ldap-model.

2. Would you prefer an implementation as crypt variant (sub-prefix
$2a$) or a separate algorithm?

Thanks & kind regards,
Thilo

[1] http://www.mindrot.org/projects/jBCrypt/
[2] https://github.com/jeremyh/jBCrypt
[3] https://www.apache.org/legal/resolved

Mime
View raw message