The idea of salted hash algorithms is to generate a different hash
even if the same text is entered. That can be easily seen with dovecotpw:
using NON-salted SHA256, same hash is generated for a given password
[root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]#
using SALTED SHA256, a different hash is generated for the same given password
[root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0 [root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk [root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa [root@correio ~]#
This ideia is OK to me ...
but i'm having a hard time trying to figure out how my
dovecot-sql.conf would be in the case i store salted SHA256 passwords on the database. The idea is to use a RANDOM salt, not a fixed one, just like dovecotpw does.
would it be as simple as changing the 'password', which today is
plaintext, by something like
concat('{SHA256}',password) ???
dont i have to give the salt, somehow ?? Or should i store the salt
used in the password, for example first or last N characters ....
is there anyone using dovecot with MySQL and SSHA256 passwords that
can share me the dovecot-sql.conf file ?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, Feb 13, 2010 at 10:09:34PM -0200, Leonardo Rodrigues wrote:
The idea of salted hash algorithms is to generate a different hash even
if the same text is entered. That can be easily seen with dovecotpw:
I don't know about dovecot's algorithm especially, but the idea about salt is that you store the salt along with the password (typically the few first chars, say two). And indeed, if you compare the lengths of your unsalted vs. salted variants:
unsalted:
pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= salted: FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0
there seem to be a couple of chars more in the salted variant. The algorithm for checking is just: cut off the salt, merge with provided password, digest (SHA), compare to stored hashed password.
but i'm having a hard time trying to figure out how my dovecot-sql.conf
would be in the case i store salted SHA256 passwords on the database. The idea is to use a RANDOM salt, not a fixed one, just like dovecotpw does.
would it be as simple as changing the 'password', which today is
plaintext, by something like
concat('{SHA256}',password) ???
dont i have to give the salt, somehow ?? Or should i store the salt
used in the password, for example first or last N characters ....
No, just let Dovecot's algorithm do the generation (and later checking) of the password? (I might be misunderstanding your problem, though).
Regards
- -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFLd54DBcgs9XrR2kYRAnUGAJwOjHhCdhOZCMH/5YkFnQbXq7satQCfTNbn 8v9/1zO1R64StmAFF/vV5so= =KbUx -----END PGP SIGNATURE-----
Em 14/02/2010 04:53, tomas@tuxteam.de escreveu:
No, just let Dovecot's algorithm do the generation (and later checking) of the password? (I might be misunderstanding your problem, though).
unfortunelly i cant do that. I have my own accounts admin system,
written in PHP, which does mail management (creating accounts, changing passwords) ... so i'm afraid i'll have to know exactly how to generate them in a way dovecot is able to handle too.
from sources on src/auth i can find some interesting informations:
/* format: <SHA1 hash><salt> */
and
#define SSHA256_SALT_LEN 4
so the salt really seems to be 4-byte (which in fact are 8 when watching in hexadecimal), the exact difference on dovecotpw non-salted and salted generated passwords.
So it would be enough to generate the password, SHA256 salted, and store the salt as the last 8 hexadecimal digits ?
SHA256 hash is 64-characteres in hexadecimal, which can be base64 encoded for being stored shorter. SHA256 salt is 8-characters in hexadecimal, which should be added to the end of the SHA256 hash
so stored password would be:
{SSHA256.hex}GENERATEDSALTEDHASH+GENERATEDSALT
or having the GENERATEDSALTEDHASH+GENERATEDSALT base64 encoded and stored as:
{SSHA256.b64}BASE64ENCODEDGENERATEDSALTEDHASH+GENERATEDSALT
is that OK ?
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
Why not make it easy on yourself. Just let dovecot use crypt, and use
whatever format your system crypt supports.
Personally I'm using 16byte salt, sha512 for mine this way. Seems
should work with everything, that lets you use the system's crypt.
Quoting Leonardo Rodrigues <leolistas@solutti.com.br>:
Em 14/02/2010 04:53, tomas@tuxteam.de escreveu:
No, just let Dovecot's algorithm do the generation (and later checking) of the password? (I might be misunderstanding your problem, though).
unfortunelly i cant do that. I have my own accounts admin
system, written in PHP, which does mail management (creating
accounts, changing passwords) ... so i'm afraid i'll have to know
exactly how to generate them in a way dovecot is able to handle too.from sources on src/auth i can find some interesting informations:
/* format: <SHA1 hash><salt> */
and
#define SSHA256_SALT_LEN 4
so the salt really seems to be 4-byte (which in fact are 8 when
watching in hexadecimal), the exact difference on dovecotpw
non-salted and salted generated passwords.So it would be enough to generate the password, SHA256 salted, and
store the salt as the last 8 hexadecimal digits ?SHA256 hash is 64-characteres in hexadecimal, which can be base64
encoded for being stored shorter. SHA256 salt is 8-characters in hexadecimal, which should be added to
the end of the SHA256 hashso stored password would be:
{SSHA256.hex}GENERATEDSALTEDHASH+GENERATEDSALT
or having the GENERATEDSALTEDHASH+GENERATEDSALT base64 encoded and stored as:
{SSHA256.b64}BASE64ENCODEDGENERATEDSALTEDHASH+GENERATEDSALT
is that OK ?
--
Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email gertrudes@solutti.com.br My SPAMTRAP, do not email it
that's all because i already have a account manager system, written
on PHP, which i had to kept. So i was trying to understand how that's work to make it work on my system i couldnt stop using.
but after some tryings i got everything running. All my passwords
were already migrated from plaintext to Salted-SHA2-256.
Thanks for all the help :)
Em 16/02/2010 17:47, Patrick Domack escreveu:
Why not make it easy on yourself. Just let dovecot use crypt, and use whatever format your system crypt supports.
Personally I'm using 16byte salt, sha512 for mine this way. Seems should work with everything, that lets you use the system's crypt.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
On 15.2.2010, at 19.42, Leonardo Rodrigues wrote:
from sources on src/auth i can find some interesting informations:
/* format: <SHA1 hash><salt> */
and
#define SSHA256_SALT_LEN 4
so the salt really seems to be 4-byte (which in fact are 8 when watching in hexadecimal), the exact difference on dovecotpw non-salted and salted generated passwords.
The generated SSHA256 passwords have 4 byte salt, but Dovecot supports reading any salt length.
Leonardo Rodrigues wrote:
The idea of salted hash algorithms is to generate a different hash
even if the same text is entered. That can be easily seen with dovecotpw:
using NON-salted SHA256, same hash is generated for a given password
[root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root@correio ~]#
using SALTED SHA256, a different hash is generated for the same given password
[root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0 [root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk [root@correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa [root@correio ~]#
This ideia is OK to me ... but i'm having a hard time trying to figure out how my
dovecot-sql.conf would be in the case i store salted SHA256 passwords on the database. The idea is to use a RANDOM salt, not a fixed one, just like dovecotpw does.
would it be as simple as changing the 'password', which today is
plaintext, by something like
concat('{SHA256}',password) ???
dont i have to give the salt, somehow ?? Or should i store the
salt used in the password, for example first or last N characters ....
is there anyone using dovecot with MySQL and SSHA256 passwords
that can share me the dovecot-sql.conf file ?
How about just putting
default_pass_scheme = SSHA256
in your dovecot-sql file? I do it that way for CRAM-MD5.
Rgds, N.
participants (5)
-
Leonardo Rodrigues
-
Nick Rosier
-
Patrick Domack
-
Timo Sirainen
-
tomas@tuxteam.de