IRC log for #openam, 2015-10-08

All times shown according to UTC.

Time Nick Message
00:10 noisebleed_ joined #openam
00:30 yawnt joined #openam
00:59 MegaMatt joined #openam
05:30 ovix joined #openam
06:35 KermitTheFragger joined #openam
07:53 aldaris joined #openam
08:05 ovix joined #openam
08:23 ovix joined #openam
08:48 ovix joined #openam
08:54 ovix joined #openam
09:28 aldaris joined #openam
09:28 ovix joined #openam
09:32 ovix_ joined #openam
09:36 ovix joined #openam
09:42 ovix_ joined #openam
09:47 ovix joined #openam
09:55 ovix_ joined #openam
10:05 ovix joined #openam
10:08 ovix_ joined #openam
10:33 ovix joined #openam
10:36 ovix_ joined #openam
10:41 ovix joined #openam
10:44 ovix_ joined #openam
11:28 MegaMatt joined #openam
11:38 ovix joined #openam
11:40 ovix__ joined #openam
12:04 mckeanbs joined #openam
13:23 us3r777 Hi
13:23 aldaris hi
13:23 us3r777 I'm still on my "How are passwords stored in the configstore" problem. After a look at this procedure https://wikis.forgerock.org/confluence/display/openam/Change+UrlAccessAgent+Password and a bit of reversing I figured out that the password was first hashed and encoded using base64(sha1(password)) (line 3,4 using com.sun.identity.shared.encode.Hash.) and then symmetrically encoded using PBEWithMD5AndDES
13:23 us3r777 (default CRYPTO_DESCRIPTOR) and KmhUnWR1MYWDYW4xuqdF5nbm+CXIyOVt DEFAULT_PWD or am.encryption.pwd as password (line 5 using com.iplanet.services.ldap.ServerConfigMgr).
13:23 us3r777 My question now is: Is there a way to configure these hashing functions? For instance, adding some salt to the first sha1 to get a stronger hash. Or using a stronger algorithm than PBEWithMD5AndDES to do symmetric encryption like PBEWithSHA1AndDESede.
13:39 ovix joined #openam
13:43 aldaris you could also just remove that account as it doesn't really serve much purpose
13:43 aldaris and no, there is no support for salted hashes
14:37 aldaris joined #openam
14:44 us3r777 The UrlAccessAgent yes, but the hash of the amAdmin password is stored using the same method in sunIdentityRepositoryService->1.0->GlobalConfig->default->users
14:45 aldaris indeed
14:45 aldaris still: no salted hash support available currently
14:52 us3r777 Ok, and no PasswordBasedEncryption relying on something else than MD5/DES either?
14:52 aldaris nope
14:53 us3r777 Are these 2 features on the OpenAM roadmap?
14:56 aldaris nope
14:56 aldaris not visibly at least
14:57 aldaris I think we had two different attempts trying to implement better symmetric encryption support for OpenAM
14:57 aldaris but both of them are mostly doomed to fail as implementing upgrade appears to be *quite* difficult
15:02 us3r777 Ok, thank you for your help
16:19 aldaris joined #openam
18:21 aldaris joined #openam
18:45 aldaris joined #openam
19:09 aldaris joined #openam
19:41 aldaris joined #openam
20:09 aldaris joined #openam
20:51 aldaris joined #openam
21:57 aldaris joined #openam
22:28 aldaris joined #openam
23:16 aldaris joined #openam
23:45 aldaris joined #openam