> On 12 Jan 2024, at 10:19, John Thurston <john.thurston@xxxxxxxxxx> wrote:
>
> We're moving from DS 1.4 --> DS 2.1
> With DS 1.4, we have our password hashing set to PBKDF2_SHA256. Our DS 2.1 defaults to PBKDF2-SHA512.
> During the cutover phase, I want to set the 2.1 instances back to SHA256. We'd then advance the storage scheme to SHA512 when we were ready to sever our links to the past.
> Through the cockpit-interface, I may choose among:
> • PBKDF2-SHA1
> • PBKDF2-SHA256
> • PBKDF2-SHA512
> • PBKDF2_SHA256
> Are the two SHA256 choices the same? Is there some significance I'm missing in the "_" and the "-" characters?
>

https://fy.blackhats.net.au/blog/2022-11-25-why-are-pbkdf2-sha256-and-pbkdf2-sha256-different-in-389-ds/

tl;dr Use PBKDF2-SHA256. (hyphen, not underscore).

--
Sincerely,

William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx