On 7/12/12, Nick Edwards nick.z.edwards@gmail.com wrote:
Dear Timo,
Do you intend to introduce bcrypt into the built in password schemes?
In lew of all these hacks lately many larger companies appear moving this way, we are looking at it too, but dovecot will then be the weakest link in the database security.
So, are you planning on this and if so what sort of timeframe / version would you expect it to be in beta ?
Nik
Interestingly, there doesn't seem to be so much difference between iterated sha-512 (sha512crypt) and bcrypt. Based on looking at latest john the ripper results (although I'm a bit confused because they don't seem to quote the baseline results using the normal default number of rounds?)
So I think right now, many/most modern glibc are shipping with sha256/512crypt implementations (recently uclibc also added this). A small number ship with bcrypt (I have a patch for uclibc), which would mean that dovecot supported bcrypt out of the box.
For everything else I guess you want a small application and use the checkpass dovecot method to do external checking? You could for example implement scrypt checking this way (although I think there is a risk of running out of server ram if you have many simultaneous logins..?)
I previously thought I wanted bcrypt, but after some consideration I believe sha256/512crypt is likely sufficient for reasonable security
Cheers
Ed W