Roundup Tracker - Issues

Message5529

Author rouilj
Recipients ThomasAH, antmail, rouilj
Date 2016-04-11.23:25:31
Message-id <1460417132.0.0.695593707754.issue2550880@psf.upfronthosting.co.za>
In-reply-to
Comments from email list:
=====
From:    Thomas Arendsen Hein <thomas at intevation.de>
Subject: Re: [Roundup-devel] Clearing tracker backlog: issue2550880 add SSHA hash for passwords


* John P. Rouillard <rouilj at cs.umb.edu> [20160409 03:50]:
> Does anybody believe adding the patch attached to:
>   http://issues.roundup-tracker.org/issue2550880

Feel free to copy my answer into the issue:

It is a good idea, because Roundup already supports SHA, MD5 and
crypt and if people can't use PBKDF2, but can use SSHA or SHA in
their existing environment, they might be forced to fall back to
SHA, or worse: storing the password in plaintext and hashing it
separately for each service.

> is a good idea? The rationale to support a password that is used by
> ldap and other authentication providers seems reasonable, but is that
> something we want to allow/promote?

It is not just Roundup -> OpenLDAP, but OpenLDAP -> Roundup could
then be easily done, too.

> I did a quick review and at first glance it seems to be doing what I
> expect. The tests run and produce what looks like sane hashes.
> I assume SSHA is not considered sufficiently secure since it is based
> on SHA-1.

PBKDF2 is based on SHA-1, too.

SSHA is not insecure, it is just less secure than PBKDF2, which in
turn is less secure than other algorithms (e.g. PBKDF2-SHA512).

But this lesser security is better than no security, see above.

> If the consensus is that SSHA should not be used, would
> SSHA-512 be considered better?

Same problem: If SSHA-512 is not supported with the other services,
people might fall back to something worse.

> Openldap has a way to use pbkdf2, so that could be used as a common
> password interchange format fulfilling the original requirement.

The module is not included everywhere, e.g. Debian jessie. So people
would have to fall back to unsalted SHA or compile _and_ maintain
the module by themselves.

> Unless I hear otherwise, I am tempted to close out the ticket with a
> comment that we only support pbkdf2 and SHA1 is not supported.

At least add support for reading SSHA, but not writing it.

And regarding writing: I think the admin should have a choice.

I'm currently using Roundup's PBKDF2 hashes for Moin wikis, but when
Roundup moves to e.g. PBKDF2-SHA512, this might no longer work until
Moin supports that, too (unless it already does, I have not
checked).
===
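The "read SSHA, but write something stronger" policy discussed above, as an added example in Python (this is not Roundup's own password module and not code from the thread). It verifies LDAP-style `{SSHA}` and `{SSHA512}` values, where the salt is whatever follows the fixed-length digest (OpenLDAP commonly uses 4 bytes, but the length is not fixed), and writes new passwords as PBKDF2. The `{PBKDF2}rounds$salt$digest` layout and the `PBKDF2_ROUNDS` value are assumptions chosen for the example, not Roundup's on-disk format or defaults; `needs_rehash` is the hook a login path would use to upgrade a legacy hash after a successful check.

```python
import base64
import hashlib
import hmac
import os

# Added example, not Roundup's code. Scheme name -> (hashlib algorithm, digest length).
# For salted SHA the salt is everything after the digest, so its length is not fixed.
SALTED_SHA_SCHEMES = {"SSHA": ("sha1", 20), "SSHA512": ("sha512", 64)}

PBKDF2_ROUNDS = 100000  # assumed site policy, not Roundup's default


def encode_ssha(password, salt=None, scheme="SSHA"):
    """Produce '{SSHA}base64(digest || salt)'. Kept for migration and test
    vectors; a tracker that only *reads* SSHA would not call this for new passwords."""
    algo, _ = SALTED_SHA_SCHEMES[scheme]
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def encode_pbkdf2(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Assumed storage form '{PBKDF2}rounds$b64salt$b64digest' (illustrative layout)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
    return "{PBKDF2}%d$%s$%s" % (
        rounds,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def _split_scheme(stored):
    """Return (SCHEME, payload) from '{SCHEME}payload', or (None, None)."""
    if not stored.startswith("{") or "}" not in stored:
        return None, None
    scheme, payload = stored[1:].split("}", 1)
    return scheme.upper(), payload


def verify_password(stored, password):
    """True if password matches a stored hash in any accepted scheme."""
    scheme, payload = _split_scheme(stored)
    if scheme in SALTED_SHA_SCHEMES:
        algo, dlen = SALTED_SHA_SCHEMES[scheme]
        try:
            raw = base64.b64decode(payload, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return False
        if len(raw) <= dlen:  # must carry at least one byte of salt
            return False
        digest, salt = raw[:dlen], raw[dlen:]
        computed = hashlib.new(algo, password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(computed, digest)
    if scheme == "PBKDF2":
        try:
            rounds, salt_b64, digest_b64 = payload.split("$")
            rounds = int(rounds)
            salt = base64.b64decode(salt_b64, validate=True)
            digest = base64.b64decode(digest_b64, validate=True)
        except ValueError:
            return False
        if rounds < 1:
            return False
        computed = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
        return hmac.compare_digest(computed, digest)
    return False  # unknown or unsalted scheme: refuse rather than guess


def needs_rehash(stored):
    """True when a hash should be rewritten as PBKDF2 after a successful login,
    i.e. it is a legacy salted-SHA value or PBKDF2 with too few rounds."""
    scheme, payload = _split_scheme(stored)
    if scheme == "PBKDF2":
        try:
            return int(payload.split("$")[0]) < PBKDF2_ROUNDS
        except ValueError:
            return True
    return True


if __name__ == "__main__":
    legacy = encode_ssha("secret", salt=b"\x01\x02\x03\x04")  # OpenLDAP-style 4-byte salt
    print(legacy, verify_password(legacy, "secret"), needs_rehash(legacy))
    fresh = encode_pbkdf2("secret")
    print(fresh, verify_password(fresh, "secret"), needs_rehash(fresh))
```

The verifier accepts the LDAP forms and the PBKDF2 form alike, so a tracker can import hashes from OpenLDAP unchanged, while anything it writes itself goes out as PBKDF2; an admin who wants the reverse direction (Roundup -> OpenLDAP) would call `encode_ssha` deliberately, which is the "admin should have a choice" point from the message.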
History
Date User Action Args
2016-04-11 23:25:32 rouilj set messageid: <1460417132.0.0.695593707754.issue2550880@psf.upfronthosting.co.za>
2016-04-11 23:25:31 rouilj set recipients: + rouilj, ThomasAH, antmail
2016-04-11 23:25:31 rouilj link issue2550880 messages
2016-04-11 23:25:31 rouilj create