How different ldap implementations are generating random salt? #210
Replies: 1 comment
-
|
java.security.SecureRandom |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am currently generating a salted SHA 256 passwords in the below format
$hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt) . $salt) .Using the below libraries of Java classes to generate.
I am not sure if the random salt generated via SecureRandom class is secure enough.I wanted to know how different ldap implementations(OpenLDAP,OpenDJ) are generating the random salt for different password storage scheme like SHA-1,SHA256 etc. Also, can those salt generation algorithm used by different ldap implementations be utilised by us in our scripts(using js) to generate same. I am using js scripts (Rhino js engine) to generate salted sha256 password. Are there any other random generators which are secure enough and can be used in our application?
Beta Was this translation helpful? Give feedback.
All reactions