Add support for PBKDF2-HMAC-SHA256 password encoding #227
Comments
After a few hours, it does not seem difficult to generalize the PBKDF2 implementation for other digest types. I will try to provide a PR.
PR is ready for review.
Closed as merged.
It seems this was mentioned in the last release of the 4.4 tree, 4.4.15, but has not been released in the current 4.5.x tree for a default server install. Is this an oversight?
The template/config/config.ldif for 4.4.15 has this, as does 4.5.4, but it does not appear in a new 4.5.4 server under the cn=config backend, under cn=Password Storage Schemes,cn=config (a default server setup). The root DSA "" of a new 4.5.4 server has supportedAuthSchemes only for PBKDF2, no PBKDF2-HMAC-SHA-(256/512) entries.
dn: cn=PBKDF2-HMAC-SHA256,cn=Password Storage Schemes,cn=config
dn: cn=PBKDF2-HMAC-SHA512,cn=Password Storage Schemes,cn=config
Is your feature request related to a problem? Please describe.
I need to import into an OpenDJ instance users from Django applications that store passwords in the PBKDF2-HMAC-SHA256 format, i.e.:
testing -> pbkdf2_sha256$15000$Pjun1TMGEQnM$lShdzU33covbDNiqGVDffdHh/86VaECJlaaNXchT0ew=
The value above is composed of <algorithm>$<iterations>$<ascii_salt>$base64(<digest>). With some jigglery I can convert it to {PBKDF2-HMAC-SHA256}<iterations>:base64(<digest><salt>), which is its standard representation used in LDAP projects:
{PBKDF2-HMAC-SHA256}15000:lShdzU33covbDNiqGVDffdHh/86VaECJlaaNXchT0exQanVuMVRNR0VRbk0=
Describe the solution you'd like
I need to add to OpenDJ the additional encryption scheme PBKDF2-HMAC-SHA256. It is essentially the same as PBKDF2, it just uses SHA256 as the hashing function instead of the older SHA1.
Additional context
This is already supported in Forgerock DS7 (https://backstage.forgerock.com/knowledge/kb/book/b99437584#M03kaX), together with the SHA512 variant.
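The conversion described in the issue above, as an added example that is not part of the original issue or of OpenDJ's code. The function names `django_to_ldap` and `verify_ldap` are hypothetical, and the layout (32-byte digest first, salt bytes after it) is assumed from the `base64(<digest><salt>)` description in the issue.

```python
import base64
import hashlib
import hmac

# Assumption: only the SHA-256 variant from the issue is mapped here.
SCHEME, DIGEST_NAME, DIGEST_LEN = "PBKDF2-HMAC-SHA256", "sha256", 32


def django_to_ldap(encoded: str) -> str:
    """<algorithm>$<iterations>$<ascii_salt>$base64(<digest>)
    -> {PBKDF2-HMAC-SHA256}<iterations>:base64(<digest><salt>)"""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        raise ValueError("not a Django pbkdf2_sha256 value")
    _, iterations, salt, digest_b64 = parts
    if not (iterations.isascii() and iterations.isdigit()) or int(iterations) < 1:
        raise ValueError("iteration count must be a positive integer")
    digest = base64.b64decode(digest_b64, validate=True)
    if len(digest) != DIGEST_LEN:
        raise ValueError("digest is not 32 bytes")
    # Django uses the salt's ASCII characters as the PBKDF2 salt bytes.
    blob = base64.b64encode(digest + salt.encode("ascii")).decode("ascii")
    return f"{{{SCHEME}}}{int(iterations)}:{blob}"


def verify_ldap(password: str, stored: str) -> bool:
    """Recompute PBKDF2 from a converted value and compare in constant time."""
    prefix = "{" + SCHEME + "}"
    if not stored.startswith(prefix):
        raise ValueError("unexpected scheme prefix")
    iterations, sep, blob = stored[len(prefix):].partition(":")
    if not sep or not (iterations.isascii() and iterations.isdigit()):
        raise ValueError("malformed stored value")
    raw = base64.b64decode(blob, validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("stored value has no salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]  # digest first, salt after
    candidate = hashlib.pbkdf2_hmac(DIGEST_NAME, password.encode("utf-8"),
                                    salt, int(iterations))
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Value quoted in the issue above.
    print(django_to_ldap(
        "pbkdf2_sha256$15000$Pjun1TMGEQnM$lShdzU33covbDNiqGVDffdHh/86VaECJlaaNXchT0ew="))
```

Running `verify_ldap` against each converted value with a known test password before a bulk import catches a wrong digest/salt ordering early, rather than at first login.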