Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: core
    • Labels:
      None
    • Environment:
      ApacheDS 1.5.5

      Description

      Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:

      • (plain text)
      • SHA
      • SSHA
      • MD5
      • SMD5
      • CRYPT

      see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
      Most of them are considered weak. http://www.schneier.com/essay-074.html

      SHA-256 is not directly supported. How about adding it to the list?

        Activity

        Hide
        Emmanuel Lecharny added a comment -

        Lets' do that fast.

        Show
        Emmanuel Lecharny added a comment - Lets' do that fast.
        Hide
        Kiran Ayyagari added a comment -

        Added the support for SHA-256. http://svn.apache.org/viewvc?rev=916400&view=rev

        Show
        Kiran Ayyagari added a comment - Added the support for SHA-256. http://svn.apache.org/viewvc?rev=916400&view=rev

          People

          • Assignee:
            Kiran Ayyagari
            Reporter:
            Stefan Zoerner
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development