Bug#920283: openldap: include argon2 hashing contrib module

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#920283: openldap: include argon2 hashing contrib module

Raphael Geissert-4
Package: openldap
Version: 2.4.47+dfsg-2
Severity: wishlist

Hi,

In upstream's tracker there is a submission of a password hashing
(key-derivation) module using argon2[1].
Given its use of the argon2 library any future move to use libsodium
or similar would not cause any compatibility issue. Moreover, the
generated hashes follow the same format as produced by the argon2(1)
tool.

FWIW, given that the patch is served via ftp, the patch[2] that I can
download from here has
a5c1e1d412c7ad87cdf27624072ecfe10c09d6ebb3c9c36d52590ae89401299a as
its sha256 hash.

Thanks in advance!

[1]https://www.openldap.org/its/index.cgi/?findid=8575
[2]ftp://ftp.openldap.org/incoming/simon-levermann-170126.patch

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org

Reply | Threaded
Open this post in threaded view
|

Bug#920283: [Pkg-openldap-devel] Bug#920283: openldap: include argon2 hashing contrib module

Ryan Tandy-4
Hello Raphael,

On Wed, Jan 23, 2019 at 04:55:20PM +0100, Raphael Geissert wrote:
>In upstream's tracker there is a submission of a password hashing
>(key-derivation) module using argon2[1].
>Given its use of the argon2 library any future move to use libsodium
>or similar would not cause any compatibility issue. Moreover, the
>generated hashes follow the same format as produced by the argon2(1)
>tool.

Given the ITS has been idle for quite some time, I would be happier if
this were reviewed and accepted upstream before we pull it into our
package. Just in git master would be fine, we don't have to wait for it
to appear in a stable release.

Would you be willing to ping upstream and/or the author about the status
of getting that module added in git?

thanks,
Ryan