Is there a standard password encryption for ldap servers (SSHA1)?

Matt Kohanek
Village Idiot
Ranch Hand

Joined: Apr 04, 2009
Posts: 483

I am just wondering if there is a standard encryption algorithm for LDAP servers. We are storing passwords in a database, and looking to upgrade security procedures. I am just doing preliminary research.
We are thinking SSHA encryption is our best option. Is there anything I might consider before going this route?
From what I have read, most people seem to agree that SSHA is close to if not the most secure option here.

Any recommended reading for someone without much LDAP or encryption experience?


True wisdom is in knowing you know nothing - Socrates
Arshad Noor
Ranch Hand

Joined: Oct 06, 2011
Posts: 34
All LDAP Directory Servers (that I've worked with) use a message-digest for storing the password of a user. The algorithms for the digest vary, but a good one to use today would be the Secure Hash Algorithm (SHA) -256, -384 or -512 (collectively known as the SHA-2 family).

Take a look at the source code of StrongKey CryptoEngine; it has code necessary to authenticate a user against Active Directory or OpenDS (an open-source Java-based Directory Server). But, the code can potentially work against any LDAP Directory Server.

Hope that helps.

Arshad Noor
StrongAuth, Inc.
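
The salted-digest storage the question asks about (SSHA) and the SHA-2 digests recommended in the reply, as an added Java example that is not code from either poster or from StrongKey CryptoEngine. It assumes the common `{SCHEME}` + base64(digest(password + salt) + salt) layout of a `userPassword` value; the class and method names are hypothetical and the password is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedLdapPassword {
    // Scheme label (assumed set) -> JCA digest name; null means "not supported here".
    static String jcaName(String scheme) {
        switch (scheme) {
            case "SSHA":    return "SHA-1";
            case "SSHA256": return "SHA-256";
            case "SSHA512": return "SHA-512";
            default:        return null;
        }
    }
    // digest(password || salt): the salt is appended to the password bytes before hashing.
    static byte[] digest(String alg, String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        return md.digest();
    }
    // Builds a stored value with a fresh random 16-byte salt per password.
    static String hash(String scheme, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] d = digest(jcaName(scheme), password, salt);
        byte[] out = Arrays.copyOf(d, d.length + salt.length);
        System.arraycopy(salt, 0, out, d.length, salt.length);
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(out);
    }
    // Splits the stored blob into digest and salt, recomputes, compares in constant time.
    static boolean verify(String stored, String candidate) throws Exception {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) return false;
        String alg = jcaName(stored.substring(1, close));
        if (alg == null) return false;                      // unknown or unsalted scheme
        byte[] raw;
        try { raw = Base64.getDecoder().decode(stored.substring(close + 1)); }
        catch (IllegalArgumentException e) { return false; } // malformed base64
        int dlen = MessageDigest.getInstance(alg).getDigestLength();
        if (raw.length <= dlen) return false;               // no salt bytes after the digest
        byte[] salt = Arrays.copyOfRange(raw, dlen, raw.length);
        return MessageDigest.isEqual(Arrays.copyOf(raw, dlen), digest(alg, candidate, salt));
    }
    public static void main(String[] args) throws Exception {
        String stored = hash("SSHA256", "constructed-sample-password");
        System.out.println(stored + " " + verify(stored, "constructed-sample-password")
                + " " + verify(stored, "wrong-guess"));   // value, then true, then false
    }
}
```

Which scheme labels a directory server accepts depends on the product and its configuration, so check the server's list of password storage schemes before writing such values. A single salted digest pass is fast to compute, so where the server offers an iterated scheme such as PBKDF2 it gives more resistance to offline guessing.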
 