Blowfish hashed passwords
The PHP app I’m using on my website uses PHP to generate password hashes to be stored into the user database. These password hashes use Blowfish encryption ("$2y$”). In fact, since PHP 5.3.0, PHP contains its own implementation of the hash types it supports including:
- CRYPT_STD_DES
- CRYPT_EXT_DES
- CRYPT_MD5
- CRYPT_BLOWFISH
- CRYPT_SHA256
- CRYPT_SHA512
The C code for these hash types is in https://github.com/php/php-src/tree/master/ext/standard https://github.com/php/php-src/tree/master/ext/standard
I’m working on adding Dovecot to my site, but Dovecot doesn’t seem to support Blowfish password hashes (at least on Ubuntu 14.04).
Would you consider adding built-in “fallback” support for Blowfish and SHA512 (which doesn’t seem to be supported either on Ubuntu 14.04 last time I checked) to an upcoming Dovecot release?
You could probably take the source code from the GitHub PHP repo to incorporate support for these hash types in Dovecot. That way, Dovecot could easily use the same hash types that PHP supports regardless of what hash types are installed in the OS running Dovecot.
And, I wouldn’t have to deal with a second set of hashes for Dovecot passdb for my existing user accounts.
See PHP manual for crypt function: http://php.net/manual/en/function.crypt.php
Kevin
On 03.06.2016 04:16, KT Walrus wrote:
The PHP app I’m using on my website uses PHP to generate password hashes to be stored into the user database. These password hashes use Blowfish encryption ("$2y$”). In fact, since PHP 5.3.0, PHP contains its own implementation of the hash types it supports including:
- CRYPT_STD_DES
- CRYPT_EXT_DES
- CRYPT_MD5
- CRYPT_BLOWFISH
- CRYPT_SHA256
- CRYPT_SHA512
The C code for these hash types is in https://github.com/php/php-src/tree/master/ext/standard https://github.com/php/php-src/tree/master/ext/standard
I’m working on adding Dovecot to my site, but Dovecot doesn’t seem to support Blowfish password hashes (at least on Ubuntu 14.04).
Would you consider adding built-in “fallback” support for Blowfish and SHA512 (which doesn’t seem to be supported either on Ubuntu 14.04 last time I checked) to an upcoming Dovecot release?
You could probably take the source code from the GitHub PHP repo to incorporate support for these hash types in Dovecot. That way, Dovecot could easily use the same hash types that PHP supports regardless of what hash types are installed in the OS running Dovecot.
And, I wouldn’t have to deal with a second set of hashes for Dovecot passdb for my existing user accounts.
See PHP manual for crypt function: http://php.net/manual/en/function.crypt.php
Kevin Hi!
We support in latest 2.2 release
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT SHA512-CRYPT
There is also blowfish support as BLF-CRYPT, but that requires that your system supports it. CRYPT supports whatever your crypt() supports.
Aki
participants (2)
-
Aki Tuomi
-
KT Walrus