Re: [ldap-sdk-discuss] MD5 Authentication
From: Neil W. <nei...@pi...> - 2023-05-02 14:42:29
Could you please clarify what you mean by MD5 authentication? Do you mean the DIGEST-MD5 or CRAM-MD5 SASL mechanisms? If so, then the LDAP SDK does support them through the DIGESTMD5BindRequest <https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/ldap/sdk/DIGESTMD5BindRequest.html> and CRAMMD5BindRequest <https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/ldap/sdk/CRAMMD5BindRequest.html> classes, respectively, and the Javadoc documentation for each class does provide a short example that demonstrates how to use them.

However, both of these authentication mechanisms are considered insecure for a couple of key reasons:

- They rely on the MD5 digest algorithm, which is now considered very weak and should no longer be used.
- They require the server to store the password in a reversible format, which makes it more vulnerable to compromise than other types of authentication that work with passwords stored in non-reversible form.

In this case, if the server supports it, then one of the SCRAM authentication methods (e.g., using SCRAMSHA256BindRequest <https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/ldap/sdk/SCRAMSHA256BindRequest.html> or SCRAMSHA512BindRequest <https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/ldap/sdk/SCRAMSHA512BindRequest.html>) would be a better choice because that relies on a stronger digest algorithm and makes it possible for the server to store passwords in a non-reversible form (albeit one that is tied to that particular authentication mechanism).

If you’re asking about some other type of authentication that relies on the MD5 digest, then please provide more information. However, the LDAP SDK probably doesn’t support it, and you really shouldn’t be using anything that relies on the MD5 digest.

Neil Wilson

On Tue, May 2, 2023 at 8:29 AM Andrei Petru Mura <map...@gm...> wrote:

> Hello everyone,
>
> Is there an example on how to enable MD5 authentication for UnboundID on
> Java and how to perform it from the client side?
>
> Thanks,
> Andrei Mura
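
The storage difference described in the reply above, as an added example that is not part of the original message and not LDAP SDK code: a simplified CRAM-MD5 check (RFC 2195), where the verifier is keyed with the password itself, beside a SCRAM-SHA-256 check (RFC 5802 / RFC 7677), where the server keeps only a salt, an iteration count and derived keys. The function names, the sample password and the `auth_message` bytes are constructed for illustration; SASLprep normalization and the surrounding message exchange are omitted, so ASCII passwords are assumed.

```python
import hashlib
import hmac
import os

def _hmac256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# CRAM-MD5: the response is HMAC-MD5 keyed with the shared secret, so in this
# model the server must be able to recover the password to check a response.
def cram_md5_digest(password: bytes, challenge: bytes) -> str:
    return hmac.new(password, challenge, hashlib.md5).hexdigest()

def cram_md5_verify(stored_password: bytes, challenge: bytes, digest: str) -> bool:
    return hmac.compare_digest(cram_md5_digest(stored_password, challenge), digest)

# SCRAM-SHA-256: enrollment derives StoredKey and ServerKey; the password and
# the intermediate SaltedPassword/ClientKey are never written to the record.
def scram_enroll(password: bytes, salt: bytes, iterations: int) -> dict:
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    client_key = _hmac256(salted, b"Client Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": _hmac256(salted, b"Server Key")}

# Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
def scram_client_proof(password: bytes, salt: bytes, iterations: int,
                       auth_message: bytes) -> bytes:
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    client_key = _hmac256(salted, b"Client Key")
    signature = _hmac256(hashlib.sha256(client_key).digest(), auth_message)
    return _xor(client_key, signature)

# Server side: recover ClientKey from the proof and compare H(ClientKey) with
# StoredKey. Only the stored record is needed, not the password.
def scram_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    signature = _hmac256(record["stored_key"], auth_message)
    recovered = _xor(proof, signature)
    return hmac.compare_digest(hashlib.sha256(recovered).digest(),
                               record["stored_key"])

if __name__ == "__main__":
    pw, salt = b"constructed-password", os.urandom(16)  # constructed sample values
    msg = b"constructed client-first,server-first,client-final-without-proof"
    rec = scram_enroll(pw, salt, 4096)
    print("SCRAM ok:", scram_verify(rec, msg, scram_client_proof(pw, salt, 4096, msg)))
    print("password in record:", pw in rec.values())
```

The stored SCRAM record is specific to that mechanism and hash, which is the trade-off the reply mentions; it still allows offline guessing if leaked, so the iteration count and salt matter.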