[Kolab-devel] Password hashing

Roland Gruber post at rolandgruber.de
Thu Mar 31 17:52:08 CEST 2005


Hi Martin,

Martin Konold wrote:
>>How flexible is Kolab with password hashes? LAM supports CRYPT, SHA,
>>SSHA, MD5, SMD5 and plain text. Will Kolab work with all of them?
>
> Yes, all components work with any hash except that the web admin code has the
> hashing algorithm hard coded.

thanks, this is what I wanted to hear. :)

>>I think SSHA is the most secure one, maybe you have a special reason for
>>using SHA.
>
> No, not really. The point is that we don't gain this much with the extra salt.

The extra salt helps against precalculation of password hashes. With SHA
each password has exactly one hash value, whereas SSHA has many hashes for
the same password.
Windows passwords have the same problem: they can easily be cracked if
an attacker calculates the hashes for all possible passwords.


Thanks for your quick reply.


Greetings,
Roland
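
An added example (not part of the original message, and not Kolab or LAM code) showing the SHA versus SSHA difference discussed above, using the usual LDAP userPassword encodings. The user names, passwords and helper function names are constructed for illustration.

```python
import base64, hashlib, hmac, os
from collections import defaultdict

def ldap_sha(password):
    """Unsalted {SHA}: base64(SHA1(password))."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def ldap_ssha(password, salt=None):
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    """Check a password against a stored {SHA} or {SSHA} value."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]   # SHA-1 digest is 20 bytes, rest is salt
    elif stored.startswith("{SHA}"):
        digest, salt = base64.b64decode(stored[5:]), b""
    else:
        raise ValueError("unsupported scheme")
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def shared_values(directory):
    """Return groups of users whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in directory.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample data: alice and carol chose the same password.
PASSWORDS = {"alice": "tr0ub4dor", "bob": "hunter2", "carol": "tr0ub4dor"}

def build(scheme):
    """Hash every sample password with the given scheme function."""
    return {user: scheme(pw) for user, pw in PASSWORDS.items()}

if __name__ == "__main__":
    # With {SHA} equal passwords give equal stored values; with {SSHA} they do not.
    print("SHA  shared:", shared_values(build(ldap_sha)))
    print("SSHA shared:", shared_values(build(ldap_ssha)))
```

With {SHA}, one computed table of hashes applies to every account and identical passwords are visible in the directory; with {SSHA}, each stored value has to be checked against its own salt.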