(username details) |
m (typos) |
||
| Line 26: | Line 26: | ||
The hash it uses is not very good: [https://en.wikipedia.org/wiki/MD4 MD4], and just hashes the password (i.e., no [https://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]), this means that if someone hacks the ldap server and gets a list of hashes then it's trivial to use an offline dictionary of hashed password (aka a rainbow table) to find peoples passwords. | The hash it uses is not very good: [https://en.wikipedia.org/wiki/MD4 MD4], and just hashes the password (i.e., no [https://en.wikipedia.org/wiki/Salt_%28cryptography%29 salt]), this means that if someone hacks the ldap server and gets a list of hashes then it's trivial to use an offline dictionary of hashed password (aka a rainbow table) to find peoples passwords. | ||
=== I use the same password everywhere should I use it for the SSHA and NTLM hash's? === | === I use the same password everywhere, should I use it for the SSHA and NTLM hash's? === | ||
No! | No! | ||
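Review bot: The retitled heading on the right still ends in "hash's", a possessive where the plural "hashes" is meant, so a typo pass should fix that in the same edit as the new comma. The comma also leaves a comma splice; ending the first clause with a full stop or rewording to "If I use the same password everywhere, should I..." reads better. Renaming a section heading changes its anchor, so links to the old heading need checking. In the unchanged line above it, "peoples passwords" needs an apostrophe, and "an offline dictionary of hashed password (aka a rainbow table)" equates a precomputed hash dictionary with a rainbow table, which are related but not the same thing; since MD4 without a salt is the point being made, saying "precomputed tables" would be accurate for both.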
| Line 34: | Line 34: | ||
=== Can I choose any username I like? === | === Can I choose any username I like? === | ||
Yes, but please be considerate of others - | Yes, but please be considerate of others - If you use one name on the mailing list, another in real life and yet another in IRC expect a lot of confused people who don't know who you are. Please try to keep things simple by having consistent names. | ||
Additionally attempting to impersonate someone else will get you in to trouble very quickly... | Additionally attempting to impersonate someone else will get you in to trouble very quickly... | ||
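Review bot: In the added sentence, "yet another in IRC expect a lot of confused people" runs the conditional straight into the main clause; add a comma after "IRC". The join "others - If" mixes a hyphen with a capitalised sentence start, so either end the first sentence at "others." or lowercase "if". The following context line has "in to trouble", which should be "into trouble", and "Additionally" wants a comma after it, if this revision is meant as a typo sweep.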