On 2/12/19 7:16 PM, Michael Slusarz via dovecot wrote:
On February 12, 2019 at 4:33 PM Robert Moskowitz via dovecot dovecot@dovecot.org wrote:
On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
I have trying to find how to set the dovecot-sql.conf for using SHA256/512. I am going to start clean with the stronger format, not migrate from the old MD5. It seems all I need is: you maybe would like to have a look to the hashing algo ARGON2I which is currently recommended for new developments and deployments. Recommended by whom?
Can you provide a link? https://password-hashing.net/
Thank you very interesting. I will read draft-irtf-cfrg-argon2-04.txt
And see the comments on the cfrg list. Russ Housley had concerns about the 03 draft; I will have to see if they are addressed in the 04 draft.
I really don't like SHA512, a bit of a hack that was rushed out before SHA3.