<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 2/13/19 10:53 AM, Jean-Daniel Dupas
via dovecot wrote:<br>
</div>
<blockquote type="cite"
cite="mid:99C59FB6-9D58-45AF-88DF-274EAF27B94C@xooloo.com">
<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 13 Feb 2019, at 14:54, Robert Moskowitz via
dovecot &lt;<a href="mailto:dovecot@dovecot.org" class=""
moz-do-not-send="true">dovecot@dovecot.org</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><br class="">
<br class="">
<span class="">On 2/13/19 8:30 AM, Aki Tuomi wrote:</span><br class="">
<blockquote type="cite" class="">On 13.2.2019 15.18, Robert Moskowitz via dovecot
wrote:<br class="">
<blockquote type="cite" class=""><br class="">
On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:<br
class="">
<blockquote type="cite" class=""><br class="">
On 13 February 2019 00:34:15, Robert Moskowitz<br
class="">
&lt;<a href="mailto:rgm@htt-consult.com" class=""
moz-do-not-send="true">rgm@htt-consult.com</a>&gt; wrote:<br
class="">
<br class="">
<blockquote type="cite" class="">On 2/12/19 6:03 PM,
Matthias Fechner via dovecot wrote:<br class="">
<blockquote type="cite" class="">On 12.02.2019 at
17:05, Robert Moskowitz via dovecot wrote:<br
class="">
<blockquote type="cite" class="">I have been trying to
find how to set the dovecot-sql.conf for using<br
class="">
SHA256/512. I am going to start clean with the
stronger format, not<br class="">
migrate from the old MD5. It seems all I need
is:<br class="">
</blockquote>
You may want to have a look at the hashing
algo ARGON2I<br class="">
which is<br class="">
currently recommended for new developments and
deployments.<br class="">
</blockquote>
Recommended by whom?<br class="">
<br class="">
Can you provide a link?<br class="">
</blockquote>
Sure, please see here:<br class="">
<a
href="https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet"
class="" moz-do-not-send="true">https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet</a><br
class="">
<br class="">
<blockquote type="cite" class=""><br class="">
And if I was adventurous about hashes, I would be
looking more at<br class="">
Keccak.<br class="">
<br class="">
<br class="">
Check out my Internet Draft:<br class="">
<br class="">
<br class="">
draft-moskowitz-small-crypto-00.txt<br class="">
</blockquote>
Thanks for the tip, will have a look into it.<br
class="">
</blockquote>
Keccak is a general hashing function. It was the first?
of the<br class="">
hashing 'sponge' functions, that many have followed. It
is the basis<br class="">
of SHA3 (at Keccak's greatest strength).<br class="">
<br class="">
Argon2 seems to be special-built for password hashing.
Thing is it is<br class="">
not supported on my CentOS7 system:<br class="">
<br class="">
# doveadm pw -l<br class="">
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256
SSHA512 PLAIN<br class="">
CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1
HMAC-MD5 DIGEST-MD5<br class="">
PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA
PBKDF2 CRYPT<br class="">
SHA256-CRYPT SHA512-CRYPT<br class="">
<br class="">
Of course SHA3 is not listed either...<br class="">
<br class="">
<br class="">
</blockquote>
ARGON2 support is added in dovecot v2.3. It also needs to
be enabled<br class="">
when compiling dovecot, so depending on the packager it might
or might not be<br class="">
available. The CRYPT ones are available if crypt(3)
supports them. In<br class="">
dovecot v2.3 we have added bcrypt support regardless of
crypt(3) support.<br class="">
</blockquote>
<br class="">
<span class="">CentOS7 is on dovecot 2.2.36:</span><br class="">
<br class="">
<span class=""># doveadm pw -s ARGON2-CRYPT -p secret</span><br class="">
<span class="">Fatal: Unknown scheme: ARGON2-CRYPT</span><br class="">
<span class=""># doveadm pw -s ARGON2 -p secret</span><br class="">
<span class="">Fatal: Unknown scheme: ARGON2</span><br class="">
<br class="">
<span class="">I tend to stay with the distro's
rpms and not take on building and maintaining myself.</span></div>
</blockquote>
<br class="">
</div>
<div>And for the record, the hash names are ARGON2I and ARGON2ID
(see doveadm pw -l )</div>
<div><br class="">
</div>
With dovecot from the <a href="http://dovecot.org" class=""
moz-do-not-send="true">dovecot.org</a> repo:
<div class=""><br class="">
<div class=""># doveadm pw -s ARGON2I -p secret</div>
<div class="">{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk<br
class="">
<div class=""><br class="">
</div>
</div>
</div>
</blockquote>
For those with dovecot v 2.3....<br>
<br>
I will note this for the future.<br>
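<br>
<div>Added example, not part of the original thread and not Dovecot code: a Python sketch of the two checks discussed above, picking the strongest scheme that <code>doveadm pw -l</code> reports and reading the cost parameters out of a stored <code>{ARGON2I}</code> value. The preference order in <code>PREFERRED</code> and the function names are assumptions of this example; the sample inputs are the scheme list and the hash quoted in the thread.</div>
<pre>
```python
import re

# Preference order is an assumption of this example: memory-hard KDFs first,
# then bcrypt, then iterated crypt(3) schemes and PBKDF2. Fast salted or
# unsalted digests (SSHA512, SHA256, MD5, ...) are deliberately not listed.
PREFERRED = ["ARGON2ID", "ARGON2I", "BLF-CRYPT", "SHA512-CRYPT",
             "SHA256-CRYPT", "PBKDF2"]
STORED_RE = re.compile(r"^\{([A-Z0-9-]+)\}(.+)$")


def best_scheme(pw_list_output):
    """Pick the strongest scheme named in `doveadm pw -l` output, or None."""
    available = set(pw_list_output.split())
    for scheme in PREFERRED:
        if scheme in available:
            return scheme
    return None


def audit_stored(stored):
    """Parse a '{SCHEME}hash' value and report scheme, strength, parameters."""
    match = STORED_RE.match(stored.strip())
    if match is None:
        raise ValueError("no {SCHEME} prefix")
    scheme, body = match.group(1), match.group(2)
    report = {"scheme": scheme, "slow_kdf": scheme in PREFERRED, "params": {}}
    if scheme.startswith("ARGON2"):
        # PHC layout: $argon2i$v=19$m=...,t=...,p=...$salt$hash
        fields = body.split("$")
        if len(fields) != 6 or not fields[2].startswith("v="):
            raise ValueError("malformed Argon2 string")
        report["params"] = {k: int(v) for k, v in
                            (item.split("=") for item in fields[3].split(","))}
        report["params"]["v"] = int(fields[2][2:])
    return report


# `doveadm pw -l` output quoted in the thread (Dovecot 2.2.36 on CentOS 7).
CENTOS7_SCHEMES = """MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256
SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5
DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
SHA256-CRYPT SHA512-CRYPT"""
# Hash of the throwaway password "secret" quoted in the thread (Dovecot 2.3).
THREAD_HASH = ("{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A"
               "$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk")

if __name__ == "__main__":
    print(best_scheme(CENTOS7_SCHEMES))
    print(audit_stored(THREAD_HASH))
```
</pre>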
<br>
<br>
</body>
</html>