Kristijan Savic - ratiokontakt GmbH
2019-Mar-06 16:16 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
Greetings, this is less of a bug report or a help request, but we would like to know if someone can explain the following: Environment: Centos 7 with Dovecot 2.3.4-2 default_pass_scheme = BLF-CRYPT password hash in database : BLF-CRYPT login = works default_pass_scheme = SHA512 or SHA256-CRYPT password hash in database : BLF-CRYPT login = also works default_pass_scheme = BLF-CRYPT password hash in database : SHA512-CRYPT login = does not work Can someone explain these discrepancies? -- Kind regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190306/c9d7a8fe/attachment.sig>
Aki Tuomi
2019-Mar-06 16:57 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 6 March 2019 18:16 Kristijan Savic - ratiokontakt GmbH via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div> <div> <br> </div> <div> <br> </div> <div> Greetings, </div> <div> <br> </div> <div> this is less of a bug report or a help request, but we would like to know if </div> <div> someone can explain the following: </div> <div> <br> </div> <div> Environment: Centos 7 with Dovecot 2.3.4-2 </div> <div> <br> </div> <div> default_pass_scheme = BLF-CRYPT </div> <div> password hash in database : BLF-CRYPT </div> <div> login = works </div> <div> <br> </div> <div> default_pass_scheme = SHA512 or SHA256-CRYPT </div> <div> password hash in database : BLF-CRYPT </div> <div> login = also works </div> <div> <br> </div> <div> default_pass_scheme = BLF-CRYPT </div> <div> password hash in database : SHA512-CRYPT </div> <div> login = does not work </div> <div> <br> </div> <div> Can someone explain these discrepancies? </div> <div> <br> </div> <div> -- </div> <div> Kind regards, </div> <div> Kristijan Savic </div> <div> <br> </div> <div> -------------------------------------------------------- </div> <div> ratiokontakt GmbH </div> <div> Biegenhofstr. 13 </div> <div> 96103 Hallstadt </div> <div> Telefon: +49 (0) 951 9 35 35 - 0 </div> <div> Telefax: +49 (0) 951 9 35 35 - 902 </div> <div> Internet: www.ratiokontakt.de </div> <div> Geschäftsführer: Dr. Nils Kaufmann, Stefan Kraft </div> <div> Amtsgericht Bamberg - HRB 3757 </div> <div> -------------------------------------------------------- </div> <div> ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 </div> </blockquote> <div> You could configure default scheme as CRYPT. It covers these all. Otherwise you need to make sure passwords have {SCHEME} prefix when it differs from default or oddities occur. </div> <div class="io-ox-signature"> <pre>--- Aki Tuomi</pre> </div> </body> </html>
Kristijan Savic - ratiokontakt GmbH
2019-Mar-07 12:00 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. ---Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this normal? -- Regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/dd761157/attachment.sig>
Possibly Parallel Threads
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1
- sometimes no shared cipher after upgrade from 2.2 to 2.3