PBKDF2 password hashing as in ASP.NET Core
Aki Tuomi
aki.tuomi at open-xchange.com
Sun Aug 30 20:27:25 EEST 2020
In case you are interested,
https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes
By the way, I am bit sceptical that CRYPT-SHA512 is less secure than PBKDF2.
CRYPT-SHA512 is not "just" SHA512(salt||password), it does at least 1000 rounds of hashing in similar way as PBKDF2 does. So, what is your reasoning for claiming that PBKDF2 is much secure than CRYPT-SHA512?
Also, if you look at hashcat cracking speeds, you'll see that the speed of cracking is slower for CRYPT-SHA512 than for PBKDF2-SHA512. See https://github.com/siseci/hashcat-benchmark-comparison/blob/master/1x%20GTX%201080%20TI%20hashcat%20benchmark.txt
Aki
> On 30/08/2020 19:54 Yves Goergen <nospam.list at unclassified.de> wrote:
>
>
> Thank you for your reply.
>
> It's not that simple, though. Just because some core algorithms are
> standardised and should be compatible doesn't mean their use in
> different implementations leads to interoperable data. The key point
> here seems to be that Dovecot just supports SHA-1 with PBKDF2, not
> SHA-256. So I'm out of luck here. The different formats are no longer
> relevant then.
>
> CRYPT-SHA512 is not anywhere near as secure as PBKDF2.
>
> But I've read and learned a lot about secure password hashing in the
> past 24 hours. My initial point that PBKDF2 is the state of the art has
> been disproved already. This order seems to be the case [1]:
>
> MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2
>
> So I've changed my plans and try to go for Argon2 now. I found support
> for .NET Core [2] and Python [3].
>
> My original question is kind of obsolete now because I also found
> another requirement: password rehashing. I'm migrating from an old
> database that has CRYPT-SHA512 hashes and want to upgrade them to
> Argon2. This affects multiple services (IMAP, SMTP, FTP, Management UI)
> so I think I'll better make a central authentication service that has
> all the passwords and crypto in one place and handles requests from
> those service daemons.
>
> I'm currently investigating how to build such a service and integrate it
> into the services. Maybe a Unix socket is a good communication channel.
> Dovecot should be able to query it with a custom Lua script. Haven't
> looked into the other services yet. That auth service could be built
> with Python for isolation from other services, high availability and
> relatively low memory footprint. It connects to the database, reads and
> updates the hashes and does all the crypto for its clients.
>
> Any suggestions about how to do that?
>
> Yves
>
>
> [1] https://cryptobook.nakov.com/mac-and-key-derivation/argon2
> [2] https://github.com/tabrath/libsodium-core
> [3] https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html
>
>
>
> -------- Ursprüngliche Nachricht --------
> Von: Aki Tuomi <aki.tuomi at open-xchange.com>
> Gesendet: Sonntag, 30. August 2020, 16:33 MESZ
> Betreff: PBKDF2 password hashing as in ASP.NET Core
>
>
> Hi!
>
> The PBKDF2 algorithm is standard and should be compatible with ASP.NET Core.
>
> The salt parameter is 16 symbols from the salt character set
>
> ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
>
> followed by number of rounds
>
> hash is hex encoded 160-bit value which comes out of the PBKDF2 function
> with SHA1.
>
> Dovecot does not currently have support for PBKDF2-SHA256, only
> PBKDF2-SHA1. You could use CRYPT-SHA512 instead which is probably just
> as good?
>
> Aki
More information about the dovecot
mailing list