I am just wondering if there is a standard encryption algorithm for LDAP servers. We are storing passwords in a database, and looking to upgrade security procedures. I am just doing preliminary research.
We are thinking SSHA encryption is our best option. Is there anything I might consider before going this route?
From what I have read, most people seem to agree that SSHA is close to, if not, the most secure option here.
Any recommended reading for someone without much LDAP or encryption experience?
True wisdom is in knowing you know nothing - Socrates
All LDAP Directory Servers (that I've worked with) use a message-digest for storing the password of a user. The algorithms for the digest vary, but a good one to use today would be the Secure Hash Algorithm (SHA) -256, -384 or -512 (collectively known as the SHA-2 family).
Take a look at the source code of StrongKey CryptoEngine; it has code necessary to authenticate a user against Active Directory or OpenDS (an open-source Java-based Directory Server). But, the code can potentially work against any LDAP Directory Server.