From 71c986adf196ba33b1835b666cc8d1b45902b2e9 Mon Sep 17 00:00:00 2001
From: lfrost <lfrost@localhost>
Date: Tue, 29 Jan 2008 10:37:26 +0000
Subject: [PATCH] Doc changes to Network Groups and Password Configuration docs and some copyright changes. Thanks to Daniel & Matt for the review.

---
 opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
index 29d9fd6..c09d04e 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/MD5PasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
   ! CDDL HEADER END
   !
   !
-  !      Portions Copyright 2007 Sun Microsystems, Inc.
+  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
   ! -->
 <adm:managed-object name="md5-password-storage-scheme"
   plural-name="md5-password-storage-schemes"
@@ -35,11 +35,20 @@
     The
     <adm:user-friendly-name />
     provides a mechanism for encoding user passwords using an unsalted
-    form of the MD5 message digest algorithm.
+    form of the MD5 message digest algorithm. Because the implementation 
+    does not use any kind of salting mechanism, a given password always 
+    has the same encoded form.
   </adm:synopsis>
   <adm:description>
     This scheme contains only an implementation for the user password
-    syntax, with a storage scheme name of "MD5".
+    syntax, with a storage scheme name of "MD5". Although the MD5 digest 
+    algorithm is relatively secure, recent cryptanalysis work has 
+    identified mechanisms for generating MD5 collisions. This does not 
+    impact the security of this algorithm as it is used in OpenDS, but it 
+    is recommended that the MD5 password storage scheme only be used if 
+    client applications require it for compatibility purposes, and that a 
+    stronger digest like SSHA or SSHA256 be used for environments in which 
+    MD5 support is not required.
   </adm:description>
   <adm:profile name="ldap">
     <ldap:object-class>
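Review bot: The added `adm:description` text calls MD5 "relatively secure" and says the collision results do "not impact the security of this algorithm as it is used in OpenDS", which understates the risk for password storage. Collisions are not the main concern here: an unsalted, fast digest gives little resistance to offline guessing or precomputed lookup tables once stored values are disclosed. The new synopsis sentence states that a given password always has the same encoded form but not the consequence, namely that entries sharing a password are recognisable as such. I would replace the "This does not impact…" sentence with something like `Collisions do not directly affect password verification, but because the digest is unsalted and fast to compute, stored values offer little protection against offline guessing if they are disclosed.` and keep the existing recommendation to prefer the salted schemes. The `adm:managed-object` element continues outside this hunk, so I cannot tell whether the scheme is documented elsewhere as legacy or compatibility-only.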

--
Gitblit v1.10.0