
Is there a standard password encryption for ldap servers (SSHA1)?

 
Matt Kohanek
I am just wondering if there is a standard encryption algorithm for LDAP servers. We are storing passwords in a database, and looking to upgrade security procedures. I am just doing preliminary research.
We are thinking SSHA encryption is our best option. Is there anything I might consider before going this route?
From what I have read, most people seem to agree that SSHA is close to if not the most secure option here.

Any recommended reading for someone without much LDAP or encryption experience?
 
Arshad Noor
All LDAP Directory Servers (that I've worked with) use a message-digest for storing the password of a user. The algorithms for the digest vary, but a good one to use today would be the Secure Hash Algorithm (SHA) -256, -384 or -512 (collectively known as the SHA-2 family).

Take a look at the source code of StrongKey CryptoEngine; it has code necessary to authenticate a user against Active Directory or OpenDS (an open-source Java-based Directory Server). But, the code can potentially work against any LDAP Directory Server.

Hope that helps.

Arshad Noor
StrongAuth, Inc.
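
The salted-hash storage format discussed in this thread, as an added example (not code from either poster or from StrongKey CryptoEngine): it builds and verifies a `{SSHA}`-style value, which is the scheme label followed by base64 of the digest with the salt appended, and generalizes to the SHA-2 digests recommended above. The function names and the `{SSHA256}`/`{SSHA384}`/`{SSHA512}` labels are assumptions; check which schemes your directory server accepts.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Scheme label -> hashlib algorithm. {SSHA} is salted SHA-1; the SHA-2 labels
# are an assumption about what the target directory server supports.
SCHEMES = {"SSHA": "sha1", "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512"}


def make_hash(password, scheme="SSHA512", salt=None):
    """Return '{SCHEME}' + base64(digest(password + salt) + salt)."""
    algo = SCHEMES[scheme.upper()]
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme.upper(), base64.b64encode(digest + salt).decode("ascii"))


def verify(password, stored):
    """Check a candidate password against a stored userPassword-style value."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # no scheme prefix: not a hashed value
    label, _, blob = stored[1:].partition("}")
    algo = SCHEMES.get(label.upper())  # scheme labels are case-insensitive
    if algo is None:
        return False  # unknown or unsalted scheme
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False  # malformed base64
    size = hashlib.new(algo).digest_size
    if len(raw) <= size:
        return False  # digest present but no salt after it
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    value = make_hash("correct horse", "SSHA256")  # constructed sample password
    print(value, verify("correct horse", value), verify("wrong", value))
```

Each of these schemes is a single salted hash pass: the per-user salt defeats precomputed tables, but the digest is still fast to compute, so access to the stored values needs to be restricted.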
 