[Dovecot] bcypt availability

Robin dovecot at r.paypc.com
Sun Jul 15 21:32:12 EEST 2012

On 7/15/2012 2:14 AM, Ed W wrote:
> Interestingly, there doesn't seem to be so much difference between
> iterated sha-512 (sha512crypt) and bcrypt. Based on looking at latest
> john the ripper results (although I'm a bit confused because they don't
> seem to quote the baseline results using the normal default number of
> rounds?)
> So I think right now, many/most modern glibc are shipping with
> sha256/512crypt implementations (recently uclibc also added this).

Indeed.  What I have seen is a create deal of variation in the 
configuration (/etc/login.defs or your distro's equivalent) in terms of 
making use of such things.

I don't see any added value to bcrypt over iterated SHA-512, really, and 
while I don't even pretend to claim I've looked at all distros, even 
"old-school" ones like Slackware have full support for it.  I suspect 
many admins doubt this because of configurations that don't make use of 
the modern hashing functionality.

Converting shadow files and/or login.defs would seem to be the bulk of 
the SysAdmin work to beef up the protection to bcrypt levels here.

Remember to keep this in perspective though - as the nature of this 
"vulnerability" extends to the case where your shadow file's hashes have 
been cloned, meaning a root-compromise or local device clone/access was 
made of it, etc.


More information about the dovecot mailing list