Skip to content
  • Simon Levermann's avatar
    ITS#8575 Implement argon2 password hashing as a module · 2210a3bd
    Simon Levermann authored and Quanah Gibson-Mount's avatar Quanah Gibson-Mount committed
    This change implements argon2, which won the Password Hashing
    Competition (https://password-hashing.net/) as a contrib-module in order
    to provide a modern password hashing alternative in openldap. The
    currently available password hashing algorithms are relatively old, and
    modern hardware, especially GPUs can compute quite a few (ranging from
    tens of thousands to millions) of hashes per second. Argon2 was designed
    to withstand such attacks.
    
    This implementation uses the default work factors used in the argon2
    command line client, but the resulting hashes are stored in a way that
    would allow retroactive changes to these values, or even exposing them
    as configuration in the module.
    2210a3bd