Re: Using PBKDF2_SHA256 Hashes

On Tue, 2018-03-27 at 21:11 -0400, Joe Cooter wrote:
> Hi,
> 
> I’m attempting to build an application using the userPassword
> attribute, with hashes stored using PBKDF2_SHA256.  However, using
> the passlib hash library for pbkdf2_sha256 is complaining about a
> malformed hash.  Looking at the hash, it appears that there aren’t
> any delimiters between the salt, iterations, etc.
> 
> Is there some additional encoding happening on the userPassword
> attribute?

You should use the pwdhash utility from 389-ds-base to generate the
hashes for DS.

We made a number of decisions about the hash encoding and its design
for portability and security reasons.

We write the number of rounds into the hash in a big-endian form so that
it's portable. We also store the salt as 64 bytes statically into the
hash (NIST recommends 16 bytes last I checked).

Additionally, we calculate the number of rounds based on your CPU
performance. Because LDAP is often time sensitive to bind, we have a
time factor we try to meet (I think it's 40 ms, but I need to check the
source code). This way binds are still "fast", but there is a cost
factor to an attacker.

When you upgrade your CPU, it will run faster of course because you can
achieve more rounds in the time window. So the design always improves
your protection as you get a faster machine, but without sacrificing
performance or opening up to a DoS on a slower machine. 

Hope that helps,


> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
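
The layout described in the reply above (a binary blob with a big-endian round count and a fixed 64-byte salt, with no delimiters) can be decoded as in the following added example, which is not part of the original message and is not 389-ds code. The 4-byte width of the round count, the field order (rounds, salt, derived key), the 256-byte derived key length and the base64 wrapping after the `{PBKDF2_SHA256}` prefix are assumptions not stated in the thread; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

SCHEME = "{PBKDF2_SHA256}"
ROUNDS_LEN = 4    # assumption: 32-bit big-endian round count
SALT_LEN = 64     # fixed salt size, as stated in the message above
HASH_LEN = 256    # assumption: length of the PBKDF2 output that is stored


def encode(password: str, salt: bytes, rounds: int) -> str:
    """Build a value in the assumed layout (used here only to make test data)."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds, HASH_LEN)
    blob = struct.pack(">I", rounds) + salt + dk
    return SCHEME + base64.b64encode(blob).decode("ascii")


def decode(value: str):
    """Split a stored value into (rounds, salt, derived_key)."""
    if value[:len(SCHEME)].upper() != SCHEME:
        raise ValueError("not a PBKDF2_SHA256 value")
    try:
        blob = base64.b64decode(value[len(SCHEME):], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    if len(blob) != ROUNDS_LEN + SALT_LEN + HASH_LEN:
        raise ValueError("unexpected payload length %d" % len(blob))
    (rounds,) = struct.unpack(">I", blob[:ROUNDS_LEN])
    if rounds == 0:
        raise ValueError("round count must be at least 1")
    salt = blob[ROUNDS_LEN:ROUNDS_LEN + SALT_LEN]
    return rounds, salt, blob[ROUNDS_LEN + SALT_LEN:]


def verify(password: str, value: str) -> bool:
    """Recompute PBKDF2 with the stored parameters; compare in constant time."""
    rounds, salt, expected = decode(value)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds, len(expected))
    return hmac.compare_digest(dk, expected)


# Constructed sample: fixed salt and a low round count so the demo runs quickly.
SAMPLE = encode("correct horse", bytes(range(64)), 2048)

if __name__ == "__main__":
    rounds, salt, dk = decode(SAMPLE)
    print(rounds, len(salt), len(dk), verify("correct horse", SAMPLE))
```

A string in passlib's `$`-delimited form fails the prefix check in `decode`, which mirrors the mismatch the original question ran into in the other direction.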