389-ds-base

Clone
Source Code
GIT

#49235 PBKDF2 by default
Closed: wontfix 6 years ago Opened 7 years ago by firstyear.

Closed: wontfix
Reopen Issue

Issue Description

Currently we default to SSHA512, as it's the only supported password hash for 1.2.x and 1.3.x.

I propose that for 1.4.x we make PBKDF2_SHA256 the default, and we establish a rule that states we may only replicate 1.3.6 and 1.4.x series (as MMR), and that any replication between 1.3.5 and 1.2.x must be toward the 1.4.x only (IE migration)

This is a significant step towards secure by default in our product, as PBKDF2_SHA256 today is our strongest password hashing mech, and along with #49135 it will continue to be secure for a long time even as hardware improves.

Metadata Update from @firstyear:
- Issue assigned to firstyear
7 years ago

Metadata Update from @firstyear:
- Custom field type adjusted to defect
- Issue priority set to: major
- Issue set to the milestone: 1.4 backlog
- Issue tagged with: Easyfix, Security
7 years ago

Metadata Update from @firstyear:
- Custom field component adjusted to None
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to review
- Custom field version adjusted to None
6 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to ack (was: review)
6 years ago

commit 816ffee
To ssh://git@pagure.io/389-ds-base.git
4cd1a24..0ea523c master -> master

Metadata Update from @firstyear:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2294

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)
3 years ago

Login to comment on this ticket.

Metadata

Security Easyfix

None
None
major
ack
None
None
Attachments 1
0001-Ticket-49235-pbkdf2-by-default.patch
Attached 6 years ago View Comment
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.