!!! Overview
A password storage [scheme] provides a mechanism for encoding user [password]s for [storage|Store] in the [server]. In most cases, the [password] is [Encrypted] in a manner that prevents users from determining what the [Cleartext] [password] is, while still allowing the server to determine whether the user-supplied [password] is correct.

[{$pagename}]s we have run into include:
* [3DES|Triple DES] -- The [password] will be encoded using [Triple DES]. Triple DES is a variation of the Data Encryption Standard (DES) that is three times slower than its predecessor but provides stronger reliability. The algorithm uses three 64-bit keys for a combined key length of 192 bits. The data is encrypted with the first key, decrypted with the second key, and then re-encrypted with the third key. You must ensure that all three keys, the first and the second key, or the second and the third keys are not identical.
* [AES] -- The [Advanced Encryption Standard] uses a symmetric block cipher that processes data blocks of 128 bits, using cipher keys with lengths of 128 (AES-128), 192 (AES-192), and 256 (AES-256) bits, and is based on the Rijndael algorithm.
* [Base64] -- The password will be [Base64] encoded, which provides a very weak form of protection and should only be used for cases in which clients require this storage scheme.
* [Blowfish] -- The password will be encoded using the [Blowfish] [Algorithm] with a 128-bit key length.
* [CLEAR|Cleartext] -- The password will be stored in [Cleartext].
* [Crypt] -- The password will be encoded using [Crypt]. This is a one-way algorithm, but it is considered weak by current standards and should generally only be used for clients which require this storage scheme.
* [MD5] -- The password will be encoded using an unsalted version of the [MD5] message digest algorithm. This is relatively secure, although any one of the [Secure Hash Algorithm] variants is considered stronger than [MD5].
* [RC4] -- [PROHIBITED] The password will be encoded using RC4, a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
* [SMD5|MD5] -- The password will be encoded using a [salted|Salt] version of the [MD5] message digest algorithm.
* [SHA|Secure Hash Algorithm] -- ([SHA-1 Deprecation]) The [password] will be encoded using an unsalted version of the [SHA-1] [Secure Hash Algorithm]. The salted variant of this algorithm is preferred.
* [SSHA|Secure Hash Algorithm] -- The password will be encoded using a [salted|Salt] version of the [SHA-1] [Secure Hash Algorithm].
* [SHA256] -- The password will be encoded, without [salt], using the 256-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SHA384] -- The password will be encoded, without [salt], using the 384-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SHA512] -- The password will be encoded, without [salt], using the 512-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA256|SHA256] -- The password will be encoded using a [salt]ed 256-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA384|SHA384] -- The password will be encoded using a [salt]ed 384-bit version of the [SHA-2] [Secure Hash Algorithm].
* [SSHA512|SHA512] -- The password will be encoded using a [salt]ed 512-bit version of the [SHA-2] [Secure Hash Algorithm].

Note that some [LDAP Servers|LDAP Server Implementations] also support the use of the [Authentication Password Syntax].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Password Storage Scheme|https://docs.oracle.com/en/middleware/idm/unified-directory/12.2.1.3/oudcr/password-storage-scheme.html|target='_blank'] - based on information obtained 2019-12-30
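
How a server can check a user-supplied password against the salted and unsalted digest schemes listed in the overview without recovering the cleartext. This is an added example, not taken from this page or from the referenced Oracle documentation; it assumes the stored value is the scheme tag in braces followed by Base64 of the digest and then the salt (a layout commonly used for LDAP password values), an 8-byte salt, and the hypothetical helper names encode and verify.

```python
import base64
import hashlib
import hmac
import os

# Tag -> (hashlib name, salted?). Tags come from the list on this page; the
# "{TAG}" + Base64(digest + salt) layout is an assumption, not from the page.
SCHEMES = {
    "MD5": ("md5", False), "SMD5": ("md5", True),
    "SHA": ("sha1", False), "SSHA": ("sha1", True),
    "SHA256": ("sha256", False), "SSHA256": ("sha256", True),
    "SHA384": ("sha384", False), "SSHA384": ("sha384", True),
    "SHA512": ("sha512", False), "SSHA512": ("sha512", True),
}

def encode(tag, password, salt=None):
    """Encode a password under one of the digest schemes above."""
    algo, salted = SCHEMES[tag]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # assumed salt length
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (tag, base64.b64encode(digest + salt).decode("ascii"))

def verify(stored, candidate):
    """True if candidate matches stored; malformed or unknown values fail closed."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    tag, payload = stored[1:].split("}", 1)
    if tag.upper() not in SCHEMES:
        return False  # e.g. CLEAR or 3DES: not a digest scheme
    algo, salted = SCHEMES[tag.upper()]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False
    size = hashlib.new(algo).digest_size
    # Unsalted values are exactly one digest long; salted ones carry a salt after it.
    if len(raw) < size or (salted != (len(raw) > size)):
        return False
    digest, salt = raw[:size], raw[size:]
    expected = hashlib.new(algo, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison
```

Encoding the same password twice under an unsalted scheme yields identical stored values, while the salted schemes yield a different value each time, which is why the page prefers the salted variants.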