ltb-project / openldap-deb

Debian packages for OpenLDAP
http://ltb-project.org/wiki/documentation/openldap-deb
GNU General Public License v3.0

Argon2: Add new algorithm password hashing #32

Closed Meheni closed 4 years ago

Meheni commented 5 years ago

Today, security advice is to use the Argon2 hashing algorithm. SHA2 and PBKDF2 have become deprecated and I think Argon2 should be the reference.

davidcoutadeur commented 5 years ago

Seems interesting. The patch provides a complete module we could include in the next distribution. The module needs one dependency: libargon2-dev (debian) / libargon2-devel (epel). For future reference: ftp://ftp.openldap.org/incoming/simon-levermann-170126.patch

@Meheni: do you know if the OpenLDAP community intends to include it in their future 2.5 release?

einhirn commented 4 years ago

There's a reference to argon2 development in OpenLDAP's ticket system http://www.openldap.org/its/index.cgi/?findid=8575, namely that they've also produced a version that uses libsodium instead of libargon2. See also https://github.com/mistotebe/openldap/tree/its8575-argon. Currently it's a contrib module that would need to be built separately.

davidcoutadeur commented 4 years ago

Argon2 is now included by default in OpenLDAP 2.4.50. The LTB package includes it in the contrib-overlay package.

davidcoutadeur commented 4 years ago

Done in release https://github.com/ltb-project/openldap-deb/releases/tag/v2.4.50

simonelbaz commented 2 years ago

Hi,

The Argon2 hash algorithm seems absent in OpenLDAP 2.5.

Thanks for any info.

davidcoutadeur commented 2 years ago

In 2.5, Argon2 is included in OpenLDAP core. If you have some evidence it is absent, please provide it.