Skip to content
  • Simon Levermann's avatar
    ITS#8575 Implement argon2 password hashing as a module · 7e3822f3
    Simon Levermann authored and Ondřej Kuzník's avatar Ondřej Kuzník committed
    This change implements argon2, which won the Password Hashing
    Competition (https://password-hashing.net/) as a contrib-module in order
    to provide a modern password hashing alternative in openldap. The
    currently available password hashing algorithms are relatively old, and
    modern hardware, especially GPUs can compute quite a few (ranging from
    tens of thousands to millions) of hashes per second. Argon2 was designed
    to withstand such attacks.
    
    This implementation uses the default work factors used in the argon2
    command line client, but the resulting hashes are stored in a way that
    would allow retroactive changes to these values, or even exposing them
    as configuration in the module.
    7e3822f3