During a security audit conducted by a senior NSS developer these enhancements were proposed:
- use PK11_KeyGen() instead of PK11_GenerateRandom() and then use PK11_ExtractKeyValue() followed by PK11_GetKeyData() to get the key data.
- include a warning about password obfuscation not increasing security directly in the source file so that people who would like to use the code see it. The current version includes a warning in the sssd-ldap manual page only.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/752
Review the password obfuscation code with NSS team and make sure that best practices are followed.
Comments
Comment from sbose at 2011-01-05 11:48:12
I think this should be done better sooner than later to avoid more issues with OpenLDAP using NSS. See https://fedorahosted.org/sssd/ticket/762
Comment from jhrozek at 2011-01-11 14:16:04
During a security audit conducted by a senior NSS developer these enhancements were proposed:
- use PK11_KeyGen() instead of PK11_GenerateRandom() and then use PK11_ExtractKeyValue() followed by PK11_GetKeyData() to get the key data.
- include a warning about password obfuscation not increasing security directly in the source file so that people who would like to use the code see it. The current version includes a warning in the sssd-ldap manual page only.
owner: somebody => jhrozek
Comment from sgallagh at 2011-01-11 15:24:13
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.5.1
Comment from sgallagh at 2011-01-20 18:26:03
Fixed by fd72f76
resolution: => fixed
status: new => closed
upgrade: => 0
Comment from dpal at 2012-01-19 03:02:53
Fields changed
rhbz: => 0
Comment from dpal at 2017-02-24 14:35:46
Metadata Update from @dpal: