PBKDF2 password hashing as in ASP.NET Core

Aki Tuomi aki.tuomi at open-xchange.com
Sun Aug 30 20:27:25 EEST 2020 

In case you are interested,

https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes

By the way, I am bit sceptical that CRYPT-SHA512 is less secure than PBKDF2.

CRYPT-SHA512 is not "just" SHA512(salt||password), it does at least 1000 rounds of hashing in similar way as PBKDF2 does. So, what is your reasoning for claiming that PBKDF2 is much secure than CRYPT-SHA512?

Also, if you look at hashcat cracking speeds, you'll see that the speed of cracking is slower for CRYPT-SHA512 than for PBKDF2-SHA512. See https://github.com/siseci/hashcat-benchmark-comparison/blob/master/1x%20GTX%201080%20TI%20hashcat%20benchmark.txt

Aki

> On 30/08/2020 19:54 Yves Goergen <nospam.list at unclassified.de> wrote:
> 
>  
> Thank you for your reply.
> 
> It's not that simple, though. Just because some core algorithms are 
> standardised and should be compatible doesn't mean their use in 
> different implementations leads to interoperable data. The key point 
> here seems to be that Dovecot just supports SHA-1 with PBKDF2, not 
> SHA-256. So I'm out of luck here. The different formats are no longer 
> relevant then.
> 
> CRYPT-SHA512 is not anywhere near as secure as PBKDF2.
> 
> But I've read and learned a lot about secure password hashing in the 
> past 24 hours. My initial point that PBKDF2 is the state of the art has 
> been disproved already. This order seems to be the case [1]:
> 
> MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2
> 
> So I've changed my plans and try to go for Argon2 now. I found support 
> for .NET Core [2] and Python [3].
> 
> My original question is kind of obsolete now because I also found 
> another requirement: password rehashing. I'm migrating from an old 
> database that has CRYPT-SHA512 hashes and want to upgrade them to 
> Argon2. This affects multiple services (IMAP, SMTP, FTP, Management UI) 
> so I think I'll better make a central authentication service that has 
> all the passwords and crypto in one place and handles requests from 
> those service daemons.
> 
> I'm currently investigating how to build such a service and integrate it 
> into the services. Maybe a Unix socket is a good communication channel. 
> Dovecot should be able to query it with a custom Lua script. Haven't 
> looked into the other services yet. That auth service could be built 
> with Python for isolation from other services, high availability and 
> relatively low memory footprint. It connects to the database, reads and 
> updates the hashes and does all the crypto for its clients.
> 
> Any suggestions about how to do that?
> 
> Yves
> 
> 
> [1] https://cryptobook.nakov.com/mac-and-key-derivation/argon2
> [2] https://github.com/tabrath/libsodium-core
> [3] https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html
> 
> 
> 
> -------- Ursprüngliche Nachricht --------
> Von: Aki Tuomi <aki.tuomi at open-xchange.com>
> Gesendet: Sonntag, 30. August 2020, 16:33 MESZ
> Betreff: PBKDF2 password hashing as in ASP.NET Core
> 
> 
> Hi!
> 
> The PBKDF2 algorithm is standard and should be compatible with ASP.NET Core.
> 
> The salt parameter is 16 symbols from the salt character set
> 
> ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
> 
> followed by number of rounds
> 
> hash is hex encoded 160-bit value which comes out of the PBKDF2 function 
> with SHA1.
> 
> Dovecot does not currently have support for PBKDF2-SHA256, only 
> PBKDF2-SHA1. You could use CRYPT-SHA512 instead which is probably just 
> as good?
> 
> Aki

More information about the dovecot mailing list