Kristijan Savic - ratiokontakt GmbH
2019-Mar-07 12:00 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
> You could configure default scheme as CRYPT. It covers these all. Otherwise > you need to make sure passwords have {SCHEME} prefix when it differs from > default or oddities occur. ---Thank you for the tip with CRYPT. Is there any explanation for this behaviour though? Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT and not vice versa? Is this normal? -- Regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/dd761157/attachment.sig>
Aki Tuomi
2019-Mar-07 12:24 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote:>> You could configure default scheme as CRYPT. It covers these all. Otherwise >> you need to make sure passwords have {SCHEME} prefix when it differs from >> default or oddities occur. --- > Thank you for the tip with CRYPT. > > Is there any explanation for this behaviour though? > > Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT > and not vice versa? Is this normal? >Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and CRYPT are ran thru something that checks if it starts with $2$ or not, as linux does not actually support bcrypt in crypt(3). Aki -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/c16085ba/attachment-0001.sig>
Kristijan Savic - ratiokontakt GmbH
2019-Mar-07 14:34 UTC
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
That explains everything then, excellent. Thank you very much! -- Regards, Kristijan Savic -------------------------------------------------------- ratiokontakt GmbH Biegenhofstr. 13 96103 Hallstadt Telefon: +49 (0) 951 9 35 35 - 0 Telefax: +49 (0) 951 9 35 35 - 902 Internet: www.ratiokontakt.de Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft Amtsgericht Bamberg - HRB 3757 -------------------------------------------------------- ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/f38ca839/attachment.sig>
Maybe Matching Threads
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1