(I subscribed to a daily digest for this list and can't figure out how to reply to a reply.)

Anyway, Aki Tuomi replied to my feature request saying:

> We support in latest 2.2 release
>
> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT
> SHA512-CRYPT
>
> There is also blowfish support as BLF-CRYPT, but that requires that your
> system supports it. CRYPT supports whatever your crypt() supports.

The reason I suggest building in fallback hash type support is that my install of Dovecot on Ubuntu 14.04 didn't support SHA512-CRYPT or BLF-CRYPT.

If Dovecot just included the PHP .c files to make sure it can process Blowfish/SHA512 password hashes on all installs, it would greatly simplify adding Dovecot as a service for my existing user accounts (without forcing them to give their password for the site so I can generate new hashes in a form that Dovecot supports). SHA256-CRYPT is probably my best option for password hashing since it supports ROUNDS to make hash generation slower. But, I would rather use BLF-CRYPT so I can re-use my existing hashes for my user accounts.

Kevin
On 03.06.2016 15:14, KT Walrus wrote:

> (I subscribed to a daily digest for this list and can't figure out how to reply to a reply.)
>
> Anyway, Aki Tuomi replied to my feature request saying:
>
>> We support in latest 2.2 release
>>
>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT
>> SHA512-CRYPT
>>
>> There is also blowfish support as BLF-CRYPT, but that requires that your
>> system supports it. CRYPT supports whatever your crypt() supports.
>
> The reason I suggest building in fallback hash type support is that my install of Dovecot on Ubuntu 14.04 didn't support SHA512-CRYPT or BLF-CRYPT.
>
> If Dovecot just included the PHP .c files to make sure it can process Blowfish/SHA512 password hashes on all installs, it would greatly simplify adding Dovecot as a service for my existing user accounts (without forcing them to give their password for the site so I can generate new hashes in a form that Dovecot supports). SHA256-CRYPT is probably my best option for password hashing since it supports ROUNDS to make hash generation slower. But, I would rather use BLF-CRYPT so I can re-use my existing hashes for my user accounts.
>
> Kevin

Unfortunately "just including" files from another project is not that straightforward. We can see if we could add BLF-CRYPT support to core even if system does not support it.

Aki
Quoting KT Walrus <kevin at my.walr.us>:

> (I subscribed to a daily digest for this list and can't figure out
> how to reply to a reply.)
>
> Anyway, Aki Tuomi replied to my feature request saying:
>
>> We support in latest 2.2 release
>>
>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT
>> SHA512-CRYPT
>>
>> There is also blowfish support as BLF-CRYPT, but that requires that your
>> system supports it. CRYPT supports whatever your crypt() supports.
>
> The reason I suggest building in fallback hash type support is that
> my install of Dovecot on Ubuntu 14.04 didn't support SHA512-CRYPT or
> BLF-CRYPT.
>
> If Dovecot just included the PHP .c files to make sure it can
> process Blowfish/SHA512 password hashes on all installs, it would
> greatly simplify adding Dovecot as a service for my existing user
> accounts (without forcing them to give their password for the site
> so I can generate new hashes in a form that Dovecot supports).
> SHA256-CRYPT is probably my best option for password hashing since
> it supports ROUNDS to make hash generation slower. But, I would
> rather use BLF-CRYPT so I can re-use my existing hashes for my user
> accounts.

I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt.

My dovecot installs have only ever used sha512-crypt since 2008. Been using ubuntu since 7.04 with sha512-crypt, and my current systems running 14.04 and 16.04 both use sha512-crypt.

The default password hash for system user accounts in ubuntu has been sha512-crypt for a very long time now.
> I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt.

I just tried SHA512-CRYPT and it is supported on Ubuntu 14.04. I think I was thinking about DBMail instead of Dovecot.

I could really use support for BLF-CRYPT since my current password hashes generated by PHP are using Blowfish encryption.

Maybe, Dovecot could just add support for BLF-CRYPT by using the open source implementation of Blowfish hashing found in https://github.com/php/php-src/tree/master/ext/standard. The implementation looks like a single function to generate the hash. I'm not much of a programmer, but it would seem to me that these .c/.h files could be added to Dovecot for doing BLF-CRYPT hashing. This would mean all installations of Dovecot going forward would support BLF-CRYPT regardless of whether the crypt libraries have Blowfish built in.

Kevin

> On Jun 4, 2016, at 9:53 AM, Patrick Domack <patrickdk at patrickdk.com> wrote:
>
> Quoting KT Walrus <kevin at my.walr.us>:
>
>> (I subscribed to a daily digest for this list and can't figure out how to reply to a reply.)
>>
>> Anyway, Aki Tuomi replied to my feature request saying:
>>
>>> We support in latest 2.2 release
>>>
>>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
>>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
>>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT
>>> SHA512-CRYPT
>>>
>>> There is also blowfish support as BLF-CRYPT, but that requires that your
>>> system supports it. CRYPT supports whatever your crypt() supports.
>>
>> The reason I suggest building in fallback hash type support is that my install of Dovecot on Ubuntu 14.04 didn't support SHA512-CRYPT or BLF-CRYPT.
>>
>> If Dovecot just included the PHP .c files to make sure it can process Blowfish/SHA512 password hashes on all installs, it would greatly simplify adding Dovecot as a service for my existing user accounts (without forcing them to give their password for the site so I can generate new hashes in a form that Dovecot supports). SHA256-CRYPT is probably my best option for password hashing since it supports ROUNDS to make hash generation slower. But, I would rather use BLF-CRYPT so I can re-use my existing hashes for my user accounts.
>
> I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt.
>
> My dovecot installs have only ever used sha512-crypt since 2008. Been using ubuntu since 7.04 with sha512-crypt, and my current systems running 14.04 and 16.04 both use sha512-crypt.
>
> The default password hash for system user accounts in ubuntu has been sha512-crypt for a very long time now.
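
An added example, not part of any message in this thread and not Dovecot's or PHP's code: a small audit helper that reads existing crypt-style hashes (such as the Blowfish hashes PHP produces), reports which of the scheme names listed above each one needs and its work factor, and emits the value with a `{SCHEME}` label so stored hashes can be reused without the users' plaintext passwords. The function names and sample hashes are constructed for illustration; whether a `{BLF-CRYPT}` value actually verifies still depends on the system crypt(), as Aki's reply says.

```python
import re

# crypt(3) prefix -> scheme name from the list quoted in the thread
PREFIX_TO_SCHEME = {
    "2a": "BLF-CRYPT", "2b": "BLF-CRYPT", "2y": "BLF-CRYPT",
    "5": "SHA256-CRYPT",
    "6": "SHA512-CRYPT",
}
SHA_DEFAULT_ROUNDS = 5000          # SHA-crypt default when rounds= is absent
SHA_DIGEST_LEN = {"5": 43, "6": 86}

B64 = r"[./A-Za-z0-9]"
# bcrypt: $2y$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$" + B64 + r"{53}$")
# SHA-crypt: $5|6$[rounds=N$]<salt up to 16 chars>$<digest>
SHA_RE = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?" + B64 + r"{1,16}\$(" + B64 + r"+)$")


def classify(stored):
    """Return (scheme, iterations) for a crypt-style hash, else (None, None)."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost = int(m.group(2))
        if 4 <= cost <= 31:                     # valid bcrypt cost range
            return PREFIX_TO_SCHEME[m.group(1)], 2 ** cost
        return None, None
    m = SHA_RE.match(stored)
    if m and len(m.group(3)) == SHA_DIGEST_LEN[m.group(1)]:
        rounds = int(m.group(2)) if m.group(2) else SHA_DEFAULT_ROUNDS
        return PREFIX_TO_SCHEME[m.group(1)], rounds
    return None, None                           # truncated, unknown or malformed


def dovecot_field(stored):
    """Prefix a recognised hash with its {SCHEME} label; None if unrecognised."""
    scheme, _ = classify(stored)
    return "{%s}%s" % (scheme, stored) if scheme else None


# Constructed, structurally valid placeholders (not hashes of any real password).
SAMPLES = {
    "php_bcrypt": "$2y$10$" + "A" * 53,
    "sha512_rounds": "$6$rounds=100000$saltsalt$" + "B" * 86,
    "sha256_default": "$5$saltsalt$" + "C" * 43,
    "truncated_bcrypt": "$2y$10$" + "A" * 40,
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, classify(value), dovecot_field(value))
```

Rows that come back as `(None, None)` are the ones to inspect by hand before migrating, since a truncated column or an unexpected format would otherwise only show up as failed logins.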