This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
A password storage [scheme] provides a mechanism for encoding a user [password] for [storage|Store] in the [server].
In most cases, the password is [Encrypted] in a manner that prevents users from determining what the [Cleartext] [password] is, while still allowing the server to determine whether the user-supplied [password] is correct.
[{$pagename}]s we have run into include:
* [3DES|Triple DES] -- The [password] will be encoded using [Triple DES]. Triple DES is a variation of the Data Encryption Standard (DES) that is three times slower than its predecessor but provides stronger reliability. The algorithm uses three 64-bit keys for a combined key length of 192 bits. The data is encrypted with the first key, decrypted with the second key, and then re-encrypted with the third key. You must ensure that all three keys, the first and the second key, or the second and the third keys are not identical.
* [AES] -- The [Advanced Encryption Standard] uses a symmetric block cipher that processes data blocks of 128 bits, using cipher keys with lengths of 128 (AES-128), 192 (AES-192), and 256 (AES-256) bits and is based on the Rijndael algorithm.
* [Base64] -- The password will be [Base64] encoded, which provides a very weak form of protection and should only be used for cases in which clients require this storage scheme.
* [Blowfish] -- The password will be encoded using the [Blowfish] [Algorithm] with a 128-bit key length.
* [CLEAR|Cleartext] -- The password will be stored in [Cleartext].
* [Crypt] -- The password will be encoded using the [Crypt]. This is a one-way algorithm, but it is considered weak by current standards and should generally only be used for clients which require this storage scheme.
* [MD5] -- The password will be encoded using an unsalted version of the [MD5] message digest algorithm. This is relatively secure, but any one of the [Secure Hash Algorithm] variants is considered stronger than [MD5].
* [RC4] -- [PROHIBITED] The password will be encoded using RC4, a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
* [SMD5|MD5] -- The password will be encoded using a [salted|Salt] version of the [MD5] message digest algorithm.
* [SHA|Secure Hash Algorithm] -- ([SHA-1 Deprecation]) The [password] will be encoded using an unsalted version of the [SHA-1] [Secure Hash Algorithm]. The salted variant of this algorithm is preferred.
* [SSHA|Secure Hash Algorithm] -- The password will be encoded using a [salted|Salt] version of the [SHA-1] [Secure Hash Algorithm].
* [SHA256] -- The password will be encoded, without [salt], using the 256-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SHA384] -- The password will be encoded, without [salt], using the 384-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SHA512] -- The password will be encoded, without [salt], using the 512-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA256|SHA256] -- The password will be encoded using a [salt]ed 256-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA384|SHA384] -- The password will be encoded using a [salt]ed 384-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA512|SHA512] -- The password will be encoded using a [salt]ed 512-bit version of the [SHA-2] [Secure Hash Algorithm].
Note that some [LDAP Servers|LDAP Server Implementations] also support the use of the [Authentication Password Syntax].
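The following is an added example, not part of the original page and not any directory server's own code. It encodes and verifies the salted and unsalted digest schemes listed above, showing how a server can check a supplied password without storing the cleartext and why unsalted values are identical for identical passwords. It assumes the common LDAP userPassword layout {{{{SCHEME}base64(digest + salt)}}}, which this page does not spell out; the function names and the 8-byte salt length are hypothetical choices.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> (hashlib algorithm, uses a salt). Names follow the list above.
SCHEMES = {
    "MD5": ("md5", False), "SMD5": ("md5", True),
    "SHA": ("sha1", False), "SSHA": ("sha1", True),
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

def encode(scheme, password, salt=None):
    """Return '{SCHEME}base64(digest + salt)' (assumed layout)."""
    algo, salted = SCHEMES[scheme.upper()]
    if salted:
        salt = os.urandom(8) if salt is None else salt  # fresh salt per password
    else:
        salt = b""
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    blob = base64.b64encode(digest + salt).decode("ascii")
    return "{%s}%s" % (scheme.upper(), blob)

def verify(stored, candidate):
    """Check a candidate password against a stored value; False on any error."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    scheme, _, blob = stored[1:].partition("}")
    entry = SCHEMES.get(scheme.upper())
    if entry is None:
        return False  # reversible or unknown schemes are not handled here
    algo, salted = entry
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return False
    size = hashlib.new(algo).digest_size
    # Salted values must carry salt bytes after the digest; unsalted must not.
    if len(raw) < size or (len(raw) > size) != salted:
        return False
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison
```

Two users with the same password get the same {{{{SHA}}}} value but different {{{{SSHA}}}} values, which is why a single precomputed table covers every unsalted entry at once.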
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Password Storage Scheme|https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.3/oudcr/password-storage-scheme.html|target='_blank'] - based on information obtained 2019-12-30