[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

Christopher Fowler wrote:

>The question here is what is safer.  Using SSL to transmit a plain-text
>password or using SSL to transmit a password that is MD5 encrypted.
>
>
>On Wed, 2005-10-12 at 16:23 -0400, Jason Day wrote:
>  
>
>>On Wed, Oct 12, 2005 at 03:22:15PM -0400, Christopher Fowler wrote:
>>    
>>
>>>Thats is a hell of a lot better then sending the plaintext password to
>>>LDAP.  I would want the LDAP server to send me an MD5 encrypted
>>>password.
>>>      
>>>
>>Sure it's better, but it's still not safe.  If someone is sniffing your
>>network they can collect the password hashes and then do dictionary
>>and/or brute force attacks offline.  If someone is using a weak password
>>it's only marginally better than sending in the clear.  SSL would be
>>much better, but of course on an embedded device you probably don't have
>>the option to just install OpenSSL.
>>
>>I think, and I'm not sure about this, that most LDAP servers do _not_
>>return the password hash along with the other user data.  I think that
>>the fact that Domino does do this is considered a security risk.
>>Assuming this is the case, you will need to add a password hash record
>>to every user object in order to return it.  Which, of course, will mean
>>you have to worry about keeping them in sync whenever a user changes
>>his/her password.
>>
>>Jason
>>    
>>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
&gt;<a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;
&gt;  
&gt;



</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00304" href="msg00304.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> nate.murchison at gmail.com (Nate Murchison)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00269" href="msg00269.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00286" href="msg00286.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> jasonday at worldnet.att.net (Jason Day)</li></ul></li>
<li><strong><a name="00294" href="msg00294.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00300" href="msg00300.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> jasonday at worldnet.att.net (Jason Day)</li></ul></li>
<li><strong><a name="00302" href="msg00302.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00281.html">[ale] OT: MP3 sites</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00286.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00302.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00304.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00303"><strong>Date</strong></a></li>
<li><a href="threads.html#00303"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>