directory-fortress mailing list archives

From Shawn McKinney <>
Subject Re: multiple user passwords in fortress-rest
Date Fri, 24 Apr 2015 14:57:42 GMT

> On Apr 24, 2015, at 9:05 AM, Emmanuel Lécharny <> wrote:
> But a base-64 representation of a char[] (or even better, byte[],
> assuming the password is UTF-8 encoded) is most certainly better, from a
> security POV.
> Also considering that what you are using are pure ascii chars, that will
> not be appropriate for around 4/5 of the world, such a modification
> could be valuable.
> As a matter of fact, passwords in LDIF are generally stored already
> hashed, i.e. as byte[], because whatever representation you use (being a
> String or a char[]), this is already fully vulnerable...
> IMO, there is something wrong in this area...

Agreed.  I’ll open a ticket and we’ll go from there.


