[RADIATOR] suggested hash algorithm for passwords in text files

[Hartmaier Alexander]

On 2014-01-13 17:51, Heikki Vatiainen wrote:
> On 01/13/2014 06:26 PM, Hartmaier Alexander wrote:
>
>> Are they included in the reference manual and I missed them? The
>> section that describes the different available password hashes would
>> be a great place to add them right next to the particular algorithm.
> $6$ and the general {crypt} formats are there. I made a note that
> $5$ is missing from the reference manual. The current list is in under
> Check items, section 13.1.1 User-Password, Password
>
> Is this the place you are thinking of?
Yes, exactly!

>
>> Are the crypt SHA-512 hashes portable to other OS Radiator runs on?
> Might be for example, with FreeBSD but the FreeBSD manual states the
> salt has 8 character length limitation. Based on this there appear to be
> portability issues.
>
>> I'd prefer a hash that's checked using a portable Perl module like
>> Digest::SHA so I'm not depending on the OS.
> OpenLDAP seems to use {SHA256} and {SSHA256} for non-salted and salted
> attribute values (and for 384 and 512), so this might be the appropriate
> format for Radiator to use too.
>
> I'll see about adding these. Meanwhile, and also if patching is not
> desired, crypt formats should also work for Linux based servers with
> recent enough libcs.
>
> Thanks,
> Heikki
>
Patching is welcome! If you'd add those formats we would immediately
switch to using them.


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*