GitHub user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2089
I would suggest adding user notes and clear documentation to ensure users
are aware that while `SHA-1` and salted SHA-1 (`SSHA`) hashing are supported
for compatibility with existing systems,
[RFC 2307](https://tools.ietf.org/html/rfc2307#section-7) notes that these
algorithms are old, and
[SHA-1 has seen collisions in the wild](https://shattered.io/).

There is
[extended support](https://www.redpill-linpro.com/techblog/2016/08/16/ldap-password-hash.html)
using the OS `crypt` module for stronger hashing algorithms like `SHA-512` to
be used with additional rounds, effectively creating a key stretching algorithm
similar to PBKDF2.

Additional reference:
[OpenLDAP FAQ](http://www.openldap.org/faq/data/cache/347.html)
---
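
As an added illustration of the schemes the comment refers to (not part of the original comment and not NiFi code): this Python sketch parses RFC 2307 style `userPassword` values, verifies legacy `{SHA}`/`{SSHA}` entries, and reports the iteration count of `{CRYPT}` SHA-crypt entries so single-pass SHA-1 values can be flagged for migration. The function names and all sample values are constructed for this example.

```python
import base64
import hashlib
import hmac
import re

# SHA-crypt as used by OS crypt(3): $5$ = SHA-256, $6$ = SHA-512, optional rounds=N
CRYPT_RE = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?[^$]+\$.+$")
CRYPT_DEFAULT_ROUNDS = 5000  # SHA-crypt default when rounds= is omitted

def split_scheme(stored: str):
    """Split '{SCHEME}value' into (SCHEME, value)."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", stored)
    if not m:
        raise ValueError("not an RFC 2307 style {scheme}value string")
    return m.group(1).upper(), m.group(2)

def make_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} = base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_legacy(stored: str, password: bytes) -> bool:
    """Check a {SHA} or {SSHA} value; the comparison is constant time."""
    scheme, value = split_scheme(stored)
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("only {SHA} and {SSHA} are handled here")
    raw = base64.b64decode(value, validate=True)
    digest, salt = raw[:20], raw[20:]  # SHA-1 output is 20 bytes, rest is salt
    if len(digest) != 20 or (scheme == "SHA" and salt):
        return False
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def classify(stored: str):
    """Return (label, iterations) so weak entries can be flagged for migration."""
    scheme, value = split_scheme(stored)
    if scheme in ("SHA", "SSHA"):
        return (scheme, 1)  # one SHA-1 pass, no key stretching
    if scheme == "CRYPT":
        m = CRYPT_RE.match(value)
        if m:
            algo = "SHA-256" if m.group(1) == "5" else "SHA-512"
            return ("CRYPT/" + algo, int(m.group(2) or CRYPT_DEFAULT_ROUNDS))
    return ("UNKNOWN", 0)

if __name__ == "__main__":
    # Constructed sample values; the {CRYPT} salt and hash are placeholders.
    samples = [make_ssha(b"example-password", b"\x01\x02\x03\x04"),
               "{CRYPT}$6$rounds=100000$constructedsalt$placeholderhash"]
    for s in samples:
        print(classify(s), s)
```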