https://bugs.openldap.org/show_bug.cgi?id=9206
Bug ID: 9206
Summary: contrib/passwd/argon2: consolidate libsodium
implementation
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 702
--> https://bugs.openldap.org/attachment.cgi?id=702&action=edit
patch to consolidate pw-argon2 implementation based on libsodium
Hi,
current libsodium implementation of pw-argon2 has 2 issues:
- it uses crypto_pwhash_str(), which only guarantees a "memory-hard,
CPU-intensive hash function", but not necessarily Argon2.
- it uses a different unit for the 'memory' parameter than the
libargon2 implementation: bytes instead of KiB.
The attached patch aims to fix both issues.
(The patch is is git format, you can merge it using 'git am')
I'd appreciate if you include them into OpenLDAP.
The referenced files are derived from OpenLDAP Software.
All of the modifications to OpenLDAP Software represented in the following
patch(es) were developed by Peter Marschall <[email protected]>.
I have not assigned rights and/or interest in this work to any party.
The referenced modifications to OpenLDAP Software are subject to the following
notice:
Copyright 2020 Peter Marschall
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
--
You are receiving this mail because:
You are on the CC list for the bug.
