PBKDF2 Support

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Jul 27 01:19:12 CEST 2017


A few people have asked for this.

There’s now support for PBKDF2 in v4.0.x for the following hashes:

	{ "HMACSHA1",		FR_SSHA_PASSWORD },
	{ "HMACSHA2+224",	FR_SSHA2_224_PASSWORD },
	{ "HMACSHA2+256",	FR_SSHA2_256_PASSWORD },
	{ "HMACSHA2+384",	FR_SSHA2_384_PASSWORD },
	{ "HMACSHA2+512",	FR_SSHA2_512_PASSWORD },

Format of hash string currently supported is the ‘ldap’ format from the CPAN library Crypt::PBKDF2:

	{hash_algorithm}:base64(iterations):base64(salt):base64(hash)

...but there doesn’t seem to be a standard for the hash string format.

Ideally we’d like to add support for common generators of PBKDF2 strings out of the box, in addition
to allowing people to support their own via unlang policies.

…so can anyone suggest what the common formats for PBKDF2 might be?

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170726/7b7a4fcc/attachment.sig>


More information about the Freeradius-Users mailing list