most secure password scheme

David Mehler dave.mehler at gmail.com
Sun Apr 30 04:59:01 EEST 2017


Hello,

Thanks for the explanation. So should I go with SSHA512 or
SHA512-CRYPT? From your explanation I'm interpreting it to mean that
SHA512-CRYPT also salts. This is for storing in a MySQL database.
Also, what should the password field length and type be set for?
Currently it's varchar(128)

Thanks.
Dave.


On 4/29/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>> On April 29, 2017 at 4:22 AM David Mehler <dave.mehler at gmail.com> wrote:
>>
>>
>> Hello,
>>
>> I have a few questions on password schemes. Is SHA512 the most secure?
>> Is there a difference between SHA512 and SHA512-CRYPT? What about
>> SSHA512 and SSH512-CRYPT?
>>
>> Is there a problem with this sql statement:
>>
>> UPDATE virtual_users SET password=CONCAT(‘{SHA256-CRYPT}’, ENCRYPT
>> (‘Password Goes Here’, CONCAT(‘$5$’, SUBSTRING(SHA(RAND()), -16))))
>> WHERE user=’user at example.com’;
>>
>> I'm getting an error 1064 at the ending email address.
>>
>> Thanks.
>> Dave.
>
> SSHA512 is salted SHA512, SHA512-CRYPT is crypt(3) compatible salted hash.
> PCKS5 or SHA512-CRYPT with over 1000 rounds is probably very secure, but
> SHA512-CRYPT is also good. Using SHA512 is not recommended, as it's unsalted
> hash.
>
> If ENCRYPT is same as crypt(3) then you can try put rounds into salt, like
> "$6$rounds=4000$s9Zc4OA11IuLt/iV$".
>
> Aki
>
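A worked version of the UPDATE from the earlier message, added here as an example rather than code posted in the thread. It uses plain ASCII quotes (the curly quotes around the literals in the original are what MySQL rejects with error 1064), puts the round count into the salt as Aki suggests, and widens the column first: `{SHA512-CRYPT}` (14 chars) plus `$6$rounds=100000$` (17) plus a 16-character salt, a `$` and the 86-character digest is 134 characters, which does not fit in varchar(128). The round count of 100000 and the use of RANDOM_BYTES() for the salt are my choices, not the thread's; the example assumes MySQL 5.6.17 to 5.7 (or a MariaDB release with RANDOM_BYTES()), where ENCRYPT() wraps the system crypt(3) and glibc accepts the `rounds=` field. ENCRYPT() was removed in MySQL 8.0. Table and column names are the ones from the thread; the address is a placeholder.

```sql
-- Added example, not code from the mailing-list thread.
-- Assumes MySQL 5.6.17-5.7 (ENCRYPT() = glibc crypt(3), RANDOM_BYTES() present).
-- Table/column names (virtual_users, password, user) are the thread's own.

-- 1. Make room for the full value. With rounds=100000 and a 16-char salt,
--    {SHA512-CRYPT}$6$rounds=100000$<salt>$<86-char digest> is 134 chars,
--    longer than the current varchar(128).
ALTER TABLE virtual_users MODIFY password VARCHAR(255) NOT NULL;

-- 2. Store a salted, iterated SHA512-CRYPT hash.
--    HEX(RANDOM_BYTES(8)) gives 16 hex characters from the server's CSPRNG;
--    [0-9a-f] are valid crypt(3) salt characters. The original
--    SUBSTRING(SHA(RAND()), -16) also works syntactically, but RAND() is
--    not a cryptographic generator.
UPDATE virtual_users
   SET password = CONCAT('{SHA512-CRYPT}',
                         ENCRYPT('Password Goes Here',
                                 CONCAT('$6$rounds=100000$',
                                        HEX(RANDOM_BYTES(8)),
                                        '$')))
 WHERE user = 'user@example.com';

-- 3. Sanity check: scheme prefix, rounds field and length must all be right.
--    ENCRYPT() returns NULL if crypt(3) rejected the salt, so a NULL/short
--    value here means the server's libc does not support rounds= (or the
--    column was still too narrow and the value was truncated).
SELECT user,
       LENGTH(password) AS len,                         -- expect 134 here
       password LIKE '{SHA512-CRYPT}$6$rounds=100000$%' AS well_formed
  FROM virtual_users
 WHERE user = 'user@example.com';
```

Note that this hashes the password inside the database server, so the plaintext passes through the query and any general/query log that is enabled. Generating the hash outside the database with `doveadm pw -s SHA512-CRYPT -r 100000` and storing the resulting `{SHA512-CRYPT}$6$rounds=...` string with a plain UPDATE avoids that, and also removes the dependency on ENCRYPT().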


More information about the dovecot mailing list