Jean-Daniel Dupas via dovecot wrote:
>
>> On 13 Feb 2019 at 14:54, Robert Moskowitz via dovecot
>> <dovecot at dovecot.org> wrote:
>>
>> On 2/13/19 8:30 AM, Aki Tuomi wrote:
>>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
>>>>
>>>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
>>>>>
>>>>> On 13 February 2019 00:34:15, Robert Moskowitz
>>>>> <rgm at htt-consult.com> wrote:
>>>>>
>>>>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
>>>>>>> On 12.02.2019 at 17:05, Robert Moskowitz via dovecot wrote:
>>>>>>>> I have been trying to find how to set the dovecot-sql.conf for
>>>>>>>> using SHA256/512. I am going to start clean with the stronger
>>>>>>>> format, not migrate from the old MD5. It seems all I need is:
>>>>>>> you maybe would like to have a look to the hashing algo ARGON2I
>>>>>>> which is currently recommended for new developments and
>>>>>>> deployments.
>>>>>> Recommended by whom?
>>>>>>
>>>>>> Can you provide a link?
>>>>> Sure, please see here:
>>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>>>>
>>>>>> And if I was adventurous about hashes, I would be looking more at
>>>>>> Keccak.
>>>>>>
>>>>>> Check out my Internet Draft:
>>>>>>
>>>>>> draft-moskowitz-small-crypto-00.txt
>>>>> Thanks for the tip, will have a look into it.
>>>> Keccak is a general hashing function. It was the first of the
>>>> hashing 'sponge' functions, that many have followed. It is the basis
>>>> of SHA3 (at Keccak's greatest strength).
>>>>
>>>> Argon2 seems to be special-built for password hashing. Thing is it is
>>>> not supported on my CentOS7 system:
>>>>
>>>> # doveadm pw -l
>>>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
>>>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
>>>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
>>>> SHA256-CRYPT SHA512-CRYPT
>>>>
>>>> Of course SHA3 is not listed either...
>>>>
>>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled
>>> when compiling dovecot, so varying from packagers it might or might
>>> not be available. The CRYPT ones are available if crypt(3) supports
>>> them. In dovecot v2.3 we have added bcrypt support regardless of
>>> crypt(3) support.
>>
>> CentOS7 is on dovecot 2.2.36:
>>
>> # doveadm pw -s ARGON2-CRYPT -p secret
>> Fatal: Unknown scheme: ARGON2-CRYPT
>> # doveadm pw -s ARGON2 -p secret
>> Fatal: Unknown scheme: ARGON2
>>
>> I tend to stay with the distro's rpms and not take on building and
>> maintaining myself.
>
> And for the record, the hash names are ARGON2I and ARGON2ID (see
> doveadm pw -l)
>
> With dovecot from the dovecot.org <http://dovecot.org> repo:
>
> # doveadm pw -s ARGON2I -p secret
> {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk

Also from dovecot.org <http://dovecot.org> repo:

doveadm pw -s ARGON2I -p secret
Fatal: Unknown scheme: ARGON2I

????

Marc

On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <dovecot at dovecot.org> wrote:

> Jean-Daniel Dupas via dovecot wrote:
> >
> >> On 13 Feb 2019 at 14:54, Robert Moskowitz via dovecot
> >> <dovecot at dovecot.org> wrote:
> >>
> >> On 2/13/19 8:30 AM, Aki Tuomi wrote:
> >>> On 13.2.2019 15.18, Robert Moskowitz via dovecot wrote:
> >>>>
> >>>> On 2/13/19 1:23 AM, Matthias Fechner via dovecot wrote:
> >>>>>
> >>>>> On 13 February 2019 00:34:15, Robert Moskowitz
> >>>>> <rgm at htt-consult.com> wrote:
> >>>>>
> >>>>>> On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
> >>>>>>> On 12.02.2019 at 17:05, Robert Moskowitz via dovecot wrote:
> >>>>>>>> I have been trying to find how to set the dovecot-sql.conf for
> >>>>>>>> using SHA256/512. I am going to start clean with the stronger
> >>>>>>>> format, not migrate from the old MD5. It seems all I need is:
> >>>>>>> you maybe would like to have a look to the hashing algo ARGON2I
> >>>>>>> which is currently recommended for new developments and
> >>>>>>> deployments.
> >>>>>> Recommended by whom?
> >>>>>>
> >>>>>> Can you provide a link?
> >>>>> Sure, please see here:
> >>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
> >>>>>
> >>>>>> And if I was adventurous about hashes, I would be looking more at
> >>>>>> Keccak.
> >>>>>>
> >>>>>> Check out my Internet Draft:
> >>>>>>
> >>>>>> draft-moskowitz-small-crypto-00.txt
> >>>>> Thanks for the tip, will have a look into it.
> >>>> Keccak is a general hashing function. It was the first of the
> >>>> hashing 'sponge' functions, that many have followed. It is the basis
> >>>> of SHA3 (at Keccak's greatest strength).
> >>>>
> >>>> Argon2 seems to be special-built for password hashing. Thing is it is
> >>>> not supported on my CentOS7 system:
> >>>>
> >>>> # doveadm pw -l
> >>>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN
> >>>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5
> >>>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT
> >>>> SHA256-CRYPT SHA512-CRYPT
> >>>>
> >>>> Of course SHA3 is not listed either...
> >>>>
> >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled
> >>> when compiling dovecot, so varying from packagers it might or might
> >>> not be available. The CRYPT ones are available if crypt(3) supports
> >>> them. In dovecot v2.3 we have added bcrypt support regardless of
> >>> crypt(3) support.
> >>
> >> CentOS7 is on dovecot 2.2.36:
> >>
> >> # doveadm pw -s ARGON2-CRYPT -p secret
> >> Fatal: Unknown scheme: ARGON2-CRYPT
> >> # doveadm pw -s ARGON2 -p secret
> >> Fatal: Unknown scheme: ARGON2
> >>
> >> I tend to stay with the distro's rpms and not take on building and
> >> maintaining myself.
> >
> > And for the record, the hash names are ARGON2I and ARGON2ID (see
> > doveadm pw -l)
> >
> > With dovecot from the dovecot.org <http://dovecot.org> repo:
> >
> > # doveadm pw -s ARGON2I -p secret
> > {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk
>
> Also from dovecot.org <http://dovecot.org> repo:
>
> doveadm pw -s ARGON2I -p secret
> Fatal: Unknown scheme: ARGON2I
>
> ????
>
> Marc

It works for me over here:

[wash at waridi ~]#/opt/dovecot2.3/bin/doveadm pw -s ARGON2I -p secret
{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)

On 17 February 2019 at 10:38 Odhiambo Washington via dovecot <dovecot@dovecot.org> wrote:

> On Sun, 17 Feb 2019 at 11:34, Marc Weustink via dovecot <dovecot@dovecot.org> wrote:
>
> > Jean-Daniel Dupas via dovecot wrote:
> > >
> > >> On 13 Feb 2019 at 14:54, Robert Moskowitz via dovecot
> > >> <dovecot@dovecot.org> wrote:
> > >>
> >
> > >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled
> > >>> when compiling dovecot, so varying from packagers it might or might
> > >>> not be available. The CRYPT ones are available if crypt(3) supports
> > >>> them. In dovecot v2.3 we have added bcrypt support regardless of
> > >>> crypt(3) support.
> > >>
> > >> CentOS7 is on dovecot 2.2.36:
> > >>
> > >> # doveadm pw -s ARGON2-CRYPT -p secret
> > >> Fatal: Unknown scheme: ARGON2-CRYPT
> > >> # doveadm pw -s ARGON2 -p secret
> > >> Fatal: Unknown scheme: ARGON2
> > >>
> > >> I tend to stay with the distro's rpms and not take on building and
> > >> maintaining myself.
> > >
> > > And for the record, the hash names are ARGON2I and ARGON2ID (see
> > > doveadm pw -l)
> > >
> > > With dovecot from the dovecot.org <http://dovecot.org> repo:
> > >
> > > # doveadm pw -s ARGON2I -p secret
> > > {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk
> >
> > Also from dovecot.org <http://dovecot.org> repo:
> >
> > doveadm pw -s ARGON2I -p secret
> > Fatal: Unknown scheme: ARGON2I
> >
> > ????
> >
> > Marc
>
> It works for me over here:
>
> [wash@waridi ~]#/opt/dovecot2.3/bin/doveadm pw -s ARGON2I -p secret
> {ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)

I'll check next week if and why argon is missing from ce packages.

---
Aki Tuomi

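The `{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$...` strings quoted in the messages above carry their own cost parameters (memory in KiB, passes, lanes) next to the salt and tag. As an added example, not code from any poster or from the Dovecot project, the following Python parses such a stored entry and checks it against a floor; the function names and the floor values are assumptions made for this example.

```python
import base64
import re

# Constructed sample: the two hash strings quoted in the thread above.
SAMPLES = [
    "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$bt96TSr3nVrho2SRhnNP0A$h7LYiqkw/4s6d1d+0Xpe+VUE3aISPnkYq/R7QqPRntk",
    "{ARGON2I}$argon2i$v=19$m=32768,t=4,p=1$9pggnQBea9F3h3O31HoJEA$0zZZgwEuMRVZ3Mc/v6ckpalzVRVCr+GLBWnb8OrgsxU",
]

_DOVECOT = re.compile(r"^\{([A-Z0-9-]+)\}(.*)$")
_ARGON2 = re.compile(
    r"^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

def _b64len(field):
    """Byte length of an unpadded base64 field (Argon2 omits the '=' padding)."""
    return len(base64.b64decode(field + "=" * (-len(field) % 4)))

def parse(stored):
    """Split '{SCHEME}data' and, for Argon2 data, decode the cost parameters."""
    m = _DOVECOT.match(stored)
    if not m:
        raise ValueError("no {SCHEME} prefix")
    scheme, data = m.groups()
    info = {"scheme": scheme}
    a = _ARGON2.match(data)
    if a:
        variant, ver, mem, t, p, salt, tag = a.groups()
        info.update(variant=variant, version=int(ver), memory_kib=int(mem),
                    passes=int(t), lanes=int(p),
                    salt_bytes=_b64len(salt), tag_bytes=_b64len(tag))
    return info

def audit(stored, min_memory_kib=32768, min_passes=2):
    """Return a list of findings; an empty list means the entry meets the floor.
    The default floor values are assumptions chosen for this example."""
    info = parse(stored)
    if "variant" not in info:
        return [f"{info['scheme']}: not an Argon2 hash"]
    findings = []
    if info["scheme"].lower() != info["variant"]:
        findings.append("scheme prefix and encoded variant disagree")
    if info["memory_kib"] < min_memory_kib:
        findings.append(f"memory {info['memory_kib']} KiB below floor")
    if info["passes"] < min_passes:
        findings.append(f"passes {info['passes']} below floor")
    return findings
```

Running `audit` over every value in the password column of the SQL userdb shows which accounts still hold a non-Argon2 scheme after a change of default scheme.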
I have built a new server (FreeBSD-12) running dovecot-2.3.4. My old
server (FreeBSD-9.3) is running dovecot-2.3.4 as well. The configurations
are 1:1 identical.

There are about 250 users on this server, all virtual. They are mostly
POP3 users, but they do "leave a copy of message on the server" for set
various number of days.

Now, to migrate the mail data, can I simply rsync the mail directories
between the old and the new server? Would that create a pitfall?? What is
the recommended method?

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)