From 98825143e0858c84f5db33b5f3406df711b8bd80 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Thu, 27 Mar 2014 09:32:09 +0000
Subject: [PATCH] Fix OPENDJ-1386: Describe the limitations of the DES ("unix") algorithm in CRYPT
---
opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml | 38 +++++++++++++++++++++-----------------
1 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
index 19564f5..a5e25b0 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CryptPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2008 Sun Microsystems, Inc.
- ! Portions Copyright 2010-2013 ForgeRock AS
+ ! Portions Copyright 2010-2014 ForgeRock AS
! Portions Copyright 2012 Dariusz Janny <dariusz.janny@gmail.com>
! -->
<adm:managed-object name="crypt-password-storage-scheme"
@@ -40,18 +40,20 @@
algorithms, either Unix crypt, md5, sha256 or sha512.
</adm:synopsis>
<adm:description>
- This implementation contains an implementation for the user
- password syntax, with a storage scheme name of "CRYPT". Like on most
- Unixes, the "CRYPT" storage scheme has different algorithms, the default
- being the Unix crypt.
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "CRYPT". Like on most Unixes, the
+ "CRYPT" storage scheme has different algorithms, the default being Unix
+ crypt.
- Even though the Unix crypt is a one-way digest, it
- is relatively weak by today's standards. Because it supports
- only a 12-bit salt (meaning that there are only 4096 possible ways to
- encode a given password), it is also vulnerable to dictionary attacks.
- You should therefore use this storage scheme only in cases where an
- external application expects to retrieve the password and verify it
- outside of the directory, rather than by performing an LDAP bind.
+ Warning: even though Unix crypt is a one-way digest, it is very weak by
+ today's standards. Only the first 8 characters in a password are used, and
+ it only uses the bottom 7 bits of each character. It only supports a 12-bit
+ salt (meaning that there are only 4096 possible ways to encode a given
+ password), so it is vulnerable to dictionary attacks.
+
+ You should therefore use this algorithm only in cases where an external
+ application expects to retrieve the password and verify it outside of the
+ directory, instead of by performing an LDAP bind.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -75,11 +77,11 @@
<adm:description>
Select the crypt algorithm to use to encrypt new passwords.
The value can either be "unix", which means the password is encrypted
- with the Unix crypt algorithm, or md5 which means the password is
+ with the weak Unix crypt algorithm, or "md5" which means the password is
encrypted with the BSD MD5 algorithm and has a $1$ prefix,
- or sha256 which means the password is encrypted with the SHA256 algorithm
- and has a $5$ prefix, or sha512 which means the password is encrypted with
- the SHA512 algorithm and has a $6$ prefix.
+ or "sha256" which means the password is encrypted with the SHA256
+ algorithm and has a $5$ prefix, or "sha512" which means the password is
+ encrypted with the SHA512 algorithm and has a $6$ prefix.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -90,7 +92,9 @@
<adm:enumeration>
<adm:value name="unix">
<adm:synopsis>
- New passwords are encrypted with the Unix crypt algorithm.
+ New passwords are encrypted with the Unix crypt algorithm. Passwords
+ are truncated at 8 characters and the top bit of each character is
+ ignored.
</adm:synopsis>
</adm:value>
<adm:value name="md5">
--
Gitblit v1.10.0