Thursday, January 11, 2024

[389-users] Re: Password storage scheme - choices

> On 12 Jan 2024, at 10:19, John Thurston wrote:
> We're moving from DS 1.4 --> DS 2.1
> With DS 1.4, we have our password hashing set to PBKDF2_SHA256. Our DS 2.1 defaults to PBKDF2-SHA512.
> During the cutover phase, I want to set the 2.1 instances back to SHA256. We'd then advance the storage scheme to SHA512 when we were ready to sever our links to the past.
> Through the cockpit-interface, I may choose among:
> • PBKDF2-SHA256
> • PBKDF2-SHA512
> • PBKDF2_SHA256
> Are the two SHA256 choices the same? Is there some significance I'm missing in the "_" and the "-" characters?

tl;dr Use PBKDF2-SHA256. (hyphen, not underscore).


William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
