Thursday, January 11, 2024

[389-users] Re: Password storage scheme - choices

> On 12 Jan 2024, at 10:19, John Thurston <john.thurston@alaska.gov> wrote:
>
> We're moving from DS 1.4 --> DS 2.1
> With DS 1.4, we have our password hashing set to PBKDF2_SHA256. Our DS 2.1 defaults to PBKDF2-SHA512.
> During the cutover phase, I want to set the 2.1 instances back to SHA256. We'd then advance the storage scheme to SHA512 when we were ready to sever our links to the past.
> Through the cockpit-interface, I may choose among:
> • PBKDF2-SHA1
> • PBKDF2-SHA256
> • PBKDF2-SHA512
> • PBKDF2_SHA256
> Are the two SHA256 choices the same? Is there some significance I'm missing in the "_" and the "-" characters?
>

https://fy.blackhats.net.au/blog/2022-11-25-why-are-pbkdf2-sha256-and-pbkdf2-sha256-different-in-389-ds/


tl;dr Use PBKDF2-SHA256. (hyphen, not underscore).



--
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
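
An added example, not part of the original thread and not 389-ds project code: during a cutover like the one described above, a script along these lines can report which storage scheme each stored `userPassword` value names in its `{SCHEME}` prefix, working from an LDIF export. It assumes hashed values carry that prefix; the DNs and hash bodies are constructed placeholders and the function names are hypothetical.

```python
import base64
import re
from collections import Counter

# Constructed sample export: DNs and hash bodies are placeholders, not real data.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {PBKDF2_SHA256}placeholder",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{PBKDF2-SHA256}placeholder").decode(),
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword: {PBKDF2-SHA512}placeholder-folded-",
    " onto-a-second-line",
    "",
    "dn: uid=dave,ou=people,dc=example,dc=com",
    "userPassword: no-prefix-value",
])

def _decode(rest):
    """Decode the text after 'attr:'; a leading ':' marks a base64 value."""
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def schemes_by_dn(ldif):
    """Map each DN to the scheme names found in its userPassword prefixes."""
    result, dn = {}, None
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join LDIF continuation lines
    for line in unfolded.splitlines():
        if line.lower().startswith("dn:"):
            dn = _decode(line[3:])
        elif line.lower().startswith("userpassword:"):
            match = re.match(r"\{([A-Za-z0-9_-]+)\}", _decode(line[13:]))
            scheme = match.group(1) if match else "(no scheme prefix)"
            result.setdefault(dn, []).append(scheme)
    return result

def summarize(ldif):
    """Count stored values per scheme; hyphen and underscore names stay distinct."""
    return Counter(s for v in schemes_by_dn(ldif).values() for s in v)

def accounts_using(ldif, scheme):
    """List DNs that still hold a value stored under the given scheme name."""
    return sorted(dn for dn, v in schemes_by_dn(ldif).items() if scheme in v)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LDIF)))
```
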
