I did a similar upgrade, and now in the process of migrating from SHA512-CRYPT to BLF-CRYPT with an appropriately set rounds, as I think the default rounds is a little low.
A good write-up on migrating passwords and calculating the rounds: https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixad...
I would take into consideration the following factors when deciding the hashing algo.
Other tools/scripts that need to update or check passwords in the database, for example: password
- roundcube webmail has a plugin to allow users to change their
using a variety of methods.
- postfixadmin
For a long time, bcrypt wasn't natively supported by either the version of php or underlying OS libs, so these tools had to rely on calling "doveadm pw " to generate BLF-CRYPT hashes. And assumed that doveadm was available on the same server as it.
The latest versions support bcrypt and newer hashing algos natively.
Some tools might rely on the database (mysql/mariadb) to hash passwords, so this may also be a consideration.
Server load / libs:
The Dovecot docs: https://doc.dovecot.org/configuration_manual/authentication/password_schemes... has this to say on ARGON2I/ARGON2ID:
"Argon2 is the winner of password hashing competition held at July
The password will start with $argon2i$ or $argon2id$. You can use -r to tune computational complexity, minimum is 3. ARGON2ID is only available if your libsodium is recent enough. ARGON2 can require quite a hefty amount of virtual memory, so we recommend that you set service auth { vsz_limit = 2G } at least, or more."
There's a good write up of considering the various algos:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet....
I considered BLF-CRYPT (for the time being) to be strong enough and a good balance between compatibility, strength and server load, given the number of users etc.
Rob
On 2023-06-23 02:14, David Mehler wrote:
Hello,
I'm migrating to a new server. It's running Debian 11 currently though that's going 12 this weekend. Currently it uses Openssl v3.0.9, and dovecot 2.3.13 and MySQL (in this case Mariadb) for storing user account information v10.6.14. My question is in regards password storage and scheme/encryption/salts.
Currently they are stored in Mariadb password field with a type of varchar and a 255 character length, and are stored as SHA512-CRYPT. I'm wondering if I should keep this as is or when I migrate go to another scheme? I'm thinking argon2i, argon2d, argon2id, sha512, sha512-crypt, tiger2, saltt?
-- Robert Lister - email: robl@lentil.org - tel: 020 7043 7996