Thanks all for all your advises. I am working on it ... Alain
-----Message d'origine----- De : Ulrich Windl <[email protected]> Envoyé : jeudi 9 juin 2022 09:04 À : RAIMBAULT Alain - Contractor <[email protected]>; [email protected]; [email protected] Objet : Antw: [EXT] RE: Failing to modify olcSizeLimit >>> Quanah Gibson-Mount <[email protected]> schrieb am 08.06.2022 um >>> 18:03 in Nachricht <1AA0097E3E4235DC5675E461@[192.168.1.17]>: > discover that password. I'd also advise them to change it, since you > publicly shared the SHA‑1 hash with the world. I'd also advise them > to use Ignoring weak passwords, what are realistic brute-force attack times on SSHA today? I also wonder whether trying brute-force is worth it as the poster could have swapped one or two characters in the BASE64 encpoding before sending ;-) > a more secure hashing function (At least SSHA512, or even better > upgrade to > a currently supported release of OpenLDAP and use ARGON2). Personally I think weak passwords (or the handling of such) is much more of a security problem as SSH is. However from the standpoint of admin, you are better off to use a strong hashing function as it allows you to argue: It must be the user's fault if the password became available... Regards, Ulrich
