On Tue, 2018-03-27 at 21:11 -0400, Joe Cooter wrote:
> Hi,
>
> I'm attempting to build an application using the userPassword
> attribute, with hashes stored using PBKDF2_SHA256. However, using
> the passlib hash library for pbkdf2_sha256 is complaining about a
> malformed hash. Looking at the hash, it appears that there aren't
> any delimiters between the salt, iterations, etc.
>
> Is there some additional encoding happening on the userPassword
> attribute?
You should use the pwdhash utility from 389-ds-base to generate the
hashes for DS.
We made a number of decisions about the hash encoding and it's design
for portability and security reasons.
We write the number of rounds into the hash in a bigendian form so that
it's portable. We also store the salt as 64 bytes statically into the
hash (NIST recommend 16 bytes last I checked).
Additionally, we calculate the number of rounds based on your CPU
performance. Because LDAP is often time sensitive to bind, we have a
time factor we try to meet (I think it's 40 ms, but I need to check the
source code). This way binds are still "fast", but there is a cost
factor to an attacker.
When you upgrade your CPU, it will run faster of course because you can
achieve more rounds in the time window. So the design always improves
your protection as you get a faster machine, but without sacrificing
performance or opening up to a DoS on a slower machine.
Hope that helps,
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
No comments:
Post a Comment