Using SHA256/512 for SQL based password
rgm at htt-consult.com
Wed Feb 13 02:36:49 EET 2019
On 2/12/19 7:16 PM, Michael Slusarz via dovecot wrote:
>> On February 12, 2019 at 4:33 PM Robert Moskowitz via dovecot <dovecot at dovecot.org> wrote:
>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
>>> Am 12.02.2019 um 17:05 schrieb Robert Moskowitz via dovecot:
>>>> I have trying to find how to set the dovecot-sql.conf for using
>>>> SHA256/512. I am going to start clean with the stronger format, not
>>>> migrate from the old MD5. It seems all I need is:
>>> you maybe would like to have a look to the hashing algo ARGON2I which is
>>> currently recommended for new developments and deployments.
>> Recommended by whom?
>> Can you provide a link?
Thank you very interesting. I will read draft-irtf-cfrg-argon2-04.txt
And see the comments on the cfrg list. Russ Housley had concerns about
the 03 draft; I will have to see if they are addressed in the 04 draft.
I really don't like SHA512, a bit of a hack that was rushed out before SHA3.
More information about the dovecot