[Dovecot] Custom password encryption scheme, how to do it?
Hi all,
I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so please be gentle (and assume I know nothing). :)
I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema for my email. This database is also used for a bigger program I use for all my hosting needs (domains, etc.). Currently, I've set it up to use plain-text authentication while I was developing it and getting things running. Now though it's up and running fine, so I want to increase the strength of my passwords that Postfix/Dovecot use.
I currently have two fields in a table called 'users'; 'usr_password' which is plain-text and what Postfix/Dovecot currently use and 'usr_strong_password', which stores a stronger hash and is used by the main program.
My question is, can I have Postfix/Dovecot use a custom password hashing system?
The way I store my strong password (as used by the web-interface) is;
Take the password provided from the user
Read a stored 'salt' value from the database (unique per user and changed on password [re]sets).
Generate an initial SHA256 hash out of the password+salt.
Re-hash the initial SHA256 hash many thousands of times.
Compare the final hash with the hash stored in 'usr_strong_password'.
If I can tell Dovecot how to do this, where would I do it? Is there a document/howto/etc someone could point me to? Is there a file I should look at?
Thanks all!!
Madi
- Generate an initial SHA256 hash out of the password+salt.
- Re-hash the initial SHA256 hash many thousands of times.
As an aside you should do some research to determine if the second of these steps adds any value. I don't believe that there is a known way to reverse an SHA256 hash, and if one is discovered it's not immediately obvious that the technique would not break the case of it being applied multiple times...
Also the keyspace of a password with say 8 alphanumeric chars is very much smaller than an SHA256 space, so you have a big bruteforce issue already
Basically it's not immediately obvious that step 2 adds any or at least significant value. Perhaps instead use a larger salt?
If you are using sql lookups then of course you can code all kinds of stuff as part of the lookup...
Good luck
Ed W
Ed W wrote:
- Generate an initial SHA256 hash out of the password+salt.
- Re-hash the initial SHA256 hash many thousands of times.
As an aside you should do some research to determine if the second of these steps adds any value. I don't believe that there is a known way to reverse an SHA256 hash, and if one is discovered it's not immediately obvious that the technique would not break the case of it being applied multiple times...
The value it adds is that it slows down a brute force attackers by reducing the number of keys they can try per second (modest systems can try ~65,000 keys per second). So by re-encrypting the keys (say 65,000 times) reduces the number of keys an attacker can try per second from about 65,000/sec to 1/sec.
<... looks for the article ...>
Found it:
http://en.wikipedia.org/wiki/Key_strengthening
Also the keyspace of a password with say 8 alphanumeric chars is very much smaller than an SHA256 space, so you have a big bruteforce issue already
I will be the first to acknowledge that my encryption scheme is probably a healthy way into "overkill". As it is, the salt is a 32-byte string of alternating mixed-case letters, numbers and other characters (like space, '/', '\', '!', etc...).
The reason for the strength is that I use the underlying password scheme for multiple projects, some of which contain medical and financial information. Dovecot itself isn't such a big concern, but I like to standardize.
Basically it's not immediately obvious that step 2 adds any or at least significant value. Perhaps instead use a larger salt?
It's just to slow down brute force attacks and to help reduce the usefulness of rainbow tables that much further.
If you are using sql lookups then of course you can code all kinds of stuff as part of the lookup...
Good luck
Thanks kindly for your reply! I make *no* claims to being a security expert, so I quite welcome any feedback on my scheme. :)
Madi
On Mon, 2007-10-01 at 13:10 -0400, Madison Kelly wrote:
My question is, can I have Postfix/Dovecot use a custom password hashing system?
http://dovecot.org/patches/password-scheme-lmpass.c is an example plugin. It's been written a long time ago, so I'm not sure if it still works with v1.0. I think it should.
So the idea is that you'll define a "struct password_scheme <pluginname>_scheme" and implement the verify and generate functions.
participants (3)
-
Ed W
-
Madison Kelly
-
Timo Sirainen