Madison Kelly
2007-Oct-01 17:10 UTC
[Dovecot] Custom password encryption scheme, how to do it?
Hi all,

I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so please be gentle (and assume I know nothing). :)

I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema for my email. This database is also used for a bigger program I use for all my hosting needs (domains, etc.). Currently, I've set it up to use plain-text authentication while I was developing it and getting things running. Now though it's up and running fine, so I want to increase the strength of the passwords that Postfix/Dovecot use.

I currently have two fields in a table called 'users': 'usr_password', which is plain-text and what Postfix/Dovecot currently use, and 'usr_strong_password', which stores a stronger hash and is used by the main program.

My question is, can I have Postfix/Dovecot use a custom password hashing system?

The way I store my strong password (as used by the web-interface) is:

- Take the password provided from the user.
- Read a stored 'salt' value from the database (unique per user and changed on password [re]sets).
- Generate an initial SHA256 hash out of the password+salt.
- Re-hash the initial SHA256 hash many thousands of times.
- Compare the final hash with the hash stored in 'usr_strong_password'.

If I can tell Dovecot how to do this, where would I do it? Is there a document/howto/etc someone could point me to? Is there a file I should look at?

Thanks all!!

Madi
> - Generate an initial SHA256 hash out of the password+salt.
> - Re-hash the initial SHA256 hash many thousands of times.

As an aside, you should do some research to determine if the second of these steps adds any value. I don't believe that there is a known way to reverse an SHA256 hash, and if one is discovered it's not immediately obvious that the technique would not break the case of it being applied multiple times... Also, the keyspace of a password with say 8 alphanumeric chars is very much smaller than an SHA256 space, so you have a big bruteforce issue already.

Basically it's not immediately obvious that step 2 adds any, or at least significant, value. Perhaps instead use a larger salt?

If you are using sql lookups then of course you can code all kinds of stuff as part of the lookup...

Good luck

Ed W
Timo Sirainen
2007-Oct-06 00:31 UTC
[Dovecot] Custom password encryption scheme, how to do it?
On Mon, 2007-10-01 at 13:10 -0400, Madison Kelly wrote:
> My question is, can I have Postfix/Dovecot use a custom password
> hashing system?

http://dovecot.org/patches/password-scheme-lmpass.c is an example plugin. It's been written a long time ago, so I'm not sure if it still works with v1.0. I think it should.

So the idea is that you'll define a "struct password_scheme <pluginname>_scheme" and implement the verify and generate functions.
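The scheme Madison describes (per-user salt, SHA256 over password+salt, the digest re-hashed many thousands of times, then a comparison against the stored value) packaged as the two operations Timo says a password-scheme plugin has to provide, verify and generate. This is an added example written for this thread, not Madison's code and not Dovecot's; a real plugin would be written in C against Dovecot's password_scheme API. The scheme name "ITER-SHA256" and the stored-string layout "$ITER-SHA256$<rounds>$<salt-hex>$<digest-hex>" are assumptions made here so that the salt and round count travel with the hash (Madison keeps the salt in a separate column); neither is a real Dovecot scheme name.

```python
"""Salted, iterated SHA-256 password scheme exposed as generate/verify.

Added example; not Madison's code and not Dovecot's.  Follows the steps
from the original post: SHA-256 over password+salt, then the digest is
re-hashed `rounds` more times.  The scheme name and the stored-string
layout "$ITER-SHA256$<rounds>$<salt-hex>$<digest-hex>" are assumptions
made for this example.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

SCHEME = "ITER-SHA256"   # assumed name for this example, not a Dovecot scheme
DEFAULT_ROUNDS = 20000   # re-hash rounds applied after the initial hash
MIN_ROUNDS = 1000        # refuse stored entries weaker than this
SALT_BYTES = 16


def stretch(password: str, salt: bytes, rounds: int) -> bytes:
    """Steps 3 and 4 of the described scheme.

    SHA-256 over password+salt, then `rounds` further SHA-256 passes over
    the previous digest.  Each round is one more hash an attacker has to
    compute per guess, so the work per guess grows linearly with `rounds`.
    """
    if rounds < 0:
        raise ValueError("rounds must be non-negative")
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def generate(password: str, rounds: int = DEFAULT_ROUNDS,
             salt: Optional[bytes] = None) -> str:
    """'generate' side: return the string to store for this user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh per user and per password reset
    digest = stretch(password, salt, rounds)
    return "${}${}${}${}".format(SCHEME, rounds, salt.hex(), digest.hex())


def parse(stored: str) -> Tuple[int, bytes, bytes]:
    """Split a stored string into (rounds, salt, digest); ValueError if malformed."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != SCHEME:
        raise ValueError("not an %s entry" % SCHEME)
    rounds = int(parts[2])
    if rounds < MIN_ROUNDS:
        # The round count comes from the database row, so a downgraded or
        # tampered entry must not be allowed to make verification cheap.
        raise ValueError("round count below policy minimum")
    return rounds, bytes.fromhex(parts[3]), bytes.fromhex(parts[4])


def verify(password: str, stored: str) -> bool:
    """'verify' side: recompute from the stored salt/rounds and compare."""
    try:
        rounds, salt, expected = parse(stored)
    except ValueError:
        return False
    actual = stretch(password, salt, rounds)
    # compare_digest does not stop at the first differing byte, so the
    # comparison time does not leak how much of the digest matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = generate("correct horse battery staple")
    print(stored)
    print(verify("correct horse battery staple", stored))  # True
    print(verify("wrong password", stored))                 # False
```

Two points worth carrying over to a real plugin: the round count is read back from the database, so verify enforces a floor rather than trusting whatever the row says, and the final comparison uses a constant-time compare instead of `==`. Because the salt and round count are embedded in the stored string, the lookup query only needs to return that one column, which keeps the Dovecot side independent of the main program's separate 'salt' column.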