Kristijan Savic - ratiokontakt GmbH
2019-Mar-06 16:16 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
Greetings, this is less of a bug report or a help request, but we would like to know if someone can explain the following: Environment: Centos 7 with Dovecot 2.3.4-2 default_pass_scheme = BLF-CRYPT password hash in database : BLF-CRYPT login = works default_pass_scheme = SHA512 or SHA256-CRYPT password hash in database : BLF-CRYPT login = also works default_pass_scheme = BLF-CRYPT password hash in database : SHA512-CRYPT login = does not work Can someone explain these discrepancies? -- Kind regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190306/c9d7a8fe/attachment.sig>
Aki Tuomi
2019-Mar-06 16:57 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 6 March 2019 18:16 Kristijan Savic - ratiokontakt GmbH via dovecot <
<a
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Greetings,
</div>
<div>
<br>
</div>
<div>
this is less of a bug report or a help request, but we would like to know if
</div>
<div>
someone can explain the following:
</div>
<div>
<br>
</div>
<div>
Environment: Centos 7 with Dovecot 2.3.4-2
</div>
<div>
<br>
</div>
<div>
default_pass_scheme = BLF-CRYPT
</div>
<div>
password hash in database : BLF-CRYPT
</div>
<div>
login = works
</div>
<div>
<br>
</div>
<div>
default_pass_scheme = SHA512 or SHA256-CRYPT
</div>
<div>
password hash in database : BLF-CRYPT
</div>
<div>
login = also works
</div>
<div>
<br>
</div>
<div>
default_pass_scheme = BLF-CRYPT
</div>
<div>
password hash in database : SHA512-CRYPT
</div>
<div>
login = does not work
</div>
<div>
<br>
</div>
<div>
Can someone explain these discrepancies?
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
Kind regards,
</div>
<div>
Kristijan Savic
</div>
<div>
<br>
</div>
<div>
--------------------------------------------------------
</div>
<div>
ratiokontakt GmbH
</div>
<div>
Biegenhofstr. 13
</div>
<div>
96103 Hallstadt
</div>
<div>
Telefon: +49 (0) 951 9 35 35 - 0
</div>
<div>
Telefax: +49 (0) 951 9 35 35 - 902
</div>
<div>
Internet: www.ratiokontakt.de
</div>
<div>
Geschäftsführer: Dr. Nils Kaufmann, Stefan Kraft
</div>
<div>
Amtsgericht Bamberg - HRB 3757
</div>
<div>
--------------------------------------------------------
</div>
<div>
ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001
</div>
</blockquote>
<div>
You could configure default scheme as CRYPT. It covers these all. Otherwise
you need to make sure passwords have {SCHEME} prefix when it differs from
default or oddities occur.
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>
Kristijan Savic - ratiokontakt GmbH
2019-Mar-07 12:00 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. ---Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this normal? -- Regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/dd761157/attachment.sig>
Possibly Parallel Threads
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1
- sometimes no shared cipher after upgrade from 2.2 to 2.3