You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Stefan Zoerner (JIRA)" <ji...@apache.org> on 2010/02/07 19:00:28 UTC

[jira] Created: (DIRSERVER-1466) Support SHA-256 for userPassword values

Support SHA-256 for userPassword values
---------------------------------------

                 Key: DIRSERVER-1466
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1466
             Project: Directory ApacheDS
          Issue Type: Improvement
          Components: core
    Affects Versions: 1.5.5
         Environment: ApacheDS 1.5.5
            Reporter: Stefan Zoerner
            Priority: Minor


Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:
* (plain text)
* SHA
* SSHA
* MD5
* SMD5
* CRYPT

see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
Most of them are considered weak. http://www.schneier.com/essay-074.html

SHA-256 is not directly supported. How about adding it to the list?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DIRSERVER-1466) Support SHA-256 for userPassword values

Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1466:
-----------------------------------------

    Fix Version/s: 1.5.6

Lets' do that fast.

> Support SHA-256 for userPassword values
> ---------------------------------------
>
>                 Key: DIRSERVER-1466
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1466
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.5.5
>         Environment: ApacheDS 1.5.5
>            Reporter: Stefan Zoerner
>            Priority: Minor
>             Fix For: 1.5.6
>
>
> Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:
> * (plain text)
> * SHA
> * SSHA
> * MD5
> * SMD5
> * CRYPT
> see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
> Most of them are considered weak. http://www.schneier.com/essay-074.html
> SHA-256 is not directly supported. How about adding it to the list?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (DIRSERVER-1466) Support SHA-256 for userPassword values

Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kiran Ayyagari reassigned DIRSERVER-1466:
-----------------------------------------

    Assignee: Kiran Ayyagari

> Support SHA-256 for userPassword values
> ---------------------------------------
>
>                 Key: DIRSERVER-1466
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1466
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.5.5
>         Environment: ApacheDS 1.5.5
>            Reporter: Stefan Zoerner
>            Assignee: Kiran Ayyagari
>            Priority: Minor
>             Fix For: 1.5.6
>
>
> Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:
> * (plain text)
> * SHA
> * SSHA
> * MD5
> * SMD5
> * CRYPT
> see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
> Most of them are considered weak. http://www.schneier.com/essay-074.html
> SHA-256 is not directly supported. How about adding it to the list?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (DIRSERVER-1466) Support SHA-256 for userPassword values

Posted by "Kiran Ayyagari (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DIRSERVER-1466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kiran Ayyagari resolved DIRSERVER-1466.
---------------------------------------

    Resolution: Fixed

Added the support for SHA-256. http://svn.apache.org/viewvc?rev=916400&view=rev

> Support SHA-256 for userPassword values
> ---------------------------------------
>
>                 Key: DIRSERVER-1466
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1466
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.5.5
>         Environment: ApacheDS 1.5.5
>            Reporter: Stefan Zoerner
>            Assignee: Kiran Ayyagari
>            Priority: Minor
>             Fix For: 1.5.6
>
>
> Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:
> * (plain text)
> * SHA
> * SSHA
> * MD5
> * SMD5
> * CRYPT
> see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
> Most of them are considered weak. http://www.schneier.com/essay-074.html
> SHA-256 is not directly supported. How about adding it to the list?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.