Is there a name for this variation of a salted MD5? $hash = md5( md5( $salt ) . md5( $password ) ); (for clarity the '.' there is concatenation) And more importantly, can anyone find an implementation for this scheme for OpenDJ?
Asked
Active
Viewed 149 times
0
-
Only want to note, that this is an unsafe way to store passwords. MD5 is ways too fast and therefore can be brute-forced too easily. Todays password [cracker tools](http://hashcat.net/oclhashcat/#features-algos) even implement a lot of variations of such schemes. Use a slow hash function with a cost factor instead (BCrypt, SCrypt or PBKDF2). – martinstoeckli Mar 29 '15 at 19:30
-
I'm migrating these passwords. It really wasn't up to me how they were stored. New passwords will use a more secure algorithm, but these old ones will have to work just the way they are. – rubenator Mar 30 '15 at 18:47
1 Answers
0
There is no implementation of this scheme that I know of for OpenDJ. But password storage schemes in OpenDJ can be easily extended by implementing an extension of the PasswordStorageScheme abstract class. I guess this is for migrating existing hashed passwords. Which product uses such algorithm ?
Ludovic Poitou
- 4,788
- 2
- 21
- 30
-
Invision Power Boards uses this scheme, and yes I need to migrate the passwords. https://www.invisionpower.com/support/guides/_/advanced-and-developers/miscellaneous/passwords-in-ipboard-r130 If you know of a good reference for extending PasswordStorageScheme, I would like it. Bottom line I would probably use the existing SMD5 scheme and add more hashing into it. – rubenator Mar 30 '15 at 18:45
-
I think the best reference is to look at OpenDJ source code and password storage schemes that are in the extensions/ folder. The interface is pretty simple and starting from the MD5 one will make it easier. – Ludovic Poitou Apr 16 '15 at 06:55
-
I guess my problem is I don't know how to go about recompiling the entire thing. – rubenator Apr 17 '15 at 16:14