directory-fortress mailing list archives

From Shawn McKinney <smckin...@apache.org>
Subject Re: multiple user passwords in fortress-rest
Date Fri, 24 Apr 2015 14:57:42 GMT

> On Apr 24, 2015, at 9:05 AM, Emmanuel Lécharny <elecharny@gmail.com> wrote:
> 
> But a base-64 representation of a char[] (or even better, byte[],
> assuming the password is UTF-8 encoded) is most certainly better, from a
> security POV.
> 
> Also considering that what you are using are pure ASCII chars, that will
> not be appropriate for around 4/5 of the world, such a modification
> could be valuable.
> 
> As a matter of fact, passwords in LDIF are generally stored already
> hashed, i.e. as byte[], because whatever representation you use (being a
> String or a char[]), this is already fully vulnerable...
> 
> IMO, there is something wrong in this area...

Agreed.  I’ll open a ticket and we’ll go from there.

Thanks

Shawn
smckinney@apache.org
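
Added example, not part of the original message and not Fortress code: one way to carry a password as base-64 of its UTF-8 bytes, as the quoted reply suggests, without ever building a `String`, and with a non-ASCII password round-tripped. The class name, method names and sample password are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class PasswordTransport {

    /** char[] -> UTF-8 bytes -> base-64 bytes, wiping every intermediate copy. */
    static byte[] toBase64Utf8(char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] utf8 = new byte[buf.remaining()];
        buf.get(utf8);
        byte[] b64 = Base64.getEncoder().encode(utf8);
        // Unlike a String, these arrays can be overwritten once used.
        if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0);
        Arrays.fill(utf8, (byte) 0);
        return b64;
    }

    /** base-64 bytes -> UTF-8 bytes -> char[], again without a String. */
    static char[] fromBase64Utf8(byte[] b64) {
        byte[] utf8 = Base64.getDecoder().decode(b64);
        CharBuffer chars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(utf8));
        char[] password = new char[chars.remaining()];
        chars.get(password);
        Arrays.fill(utf8, (byte) 0);
        if (chars.hasArray()) Arrays.fill(chars.array(), '\0');
        return password;
    }

    public static void main(String[] args) {
        // Constructed sample: a password that pure ASCII cannot represent.
        char[] password = {'p', '\u00e4', 's', 's', '\u4e16', '\u754c', '1'};

        byte[] wire = toBase64Utf8(password);   // what would go in the request
        char[] back = fromBase64Utf8(wire);     // what the server side recovers

        // 7 chars become 11 UTF-8 bytes, then 16 base-64 bytes.
        System.out.println("base-64 length: " + wire.length);
        System.out.println("round trip ok: " + Arrays.equals(password, back));

        // Base-64 is an encoding, not protection: the wire value is wiped too.
        Arrays.fill(wire, (byte) 0);
        Arrays.fill(back, '\0');
        Arrays.fill(password, '\0');
    }
}
```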

