Using SHA256/512 for SQL based password

Robert Moskowitz rgm at
Wed Feb 13 02:36:49 EET 2019

On 2/12/19 7:16 PM, Michael Slusarz via dovecot wrote:
>> On February 12, 2019 at 4:33 PM Robert Moskowitz via dovecot <dovecot at> wrote:
>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
>>> Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
>>>> I have trying to find how to set the dovecot-sql.conf for using
>>>> SHA256/512.  I am going to start clean with the stronger format, not
>>>> migrate from the old MD5.  It seems all I need is:
>>> you maybe would like to have a look to the hashing algo ARGON2I which is
>>> currently recommended for new developments and deployments.
>> Recommended by whom?
>> Can you provide a link?

Thank you very interesting.  I will read draft-irtf-cfrg-argon2-04.txt

And see the comments on the cfrg list.  Russ Housley had concerns about 
the 03 draft; I will have to see if they are addressed in the 04 draft.

I really don't like SHA512, a bit of a hack that was rushed out before SHA3.

More information about the dovecot mailing list