dovecot - Mar 2019 - Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas

> You could configure default scheme as CRYPT. It covers these all. Otherwise
> you need to make sure passwords have {SCHEME} prefix when it differs from
> default or oddities occur. ---
Thank you for the tip with CRYPT.

Is there any explanation for this behaviour though?

Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT 
and not vice versa?  Is this normal?

-- 
Regards,

Kristijan Savic

--------------------------------------------------------
ratiokontakt GmbH
Biegenhofstr. 13
96103 Hallstadt
Telefon: +49 (0) 951 9 35 35 - 0
Telefax: +49 (0) 951 9 35 35 - 902
Internet: www.ratiokontakt.de
Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft
Amtsgericht Bamberg - HRB 3757
--------------------------------------------------------
ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190307/dd761157/attachment.sig>

On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH
wrote:
>> You could configure default scheme as CRYPT. It covers these all.
Otherwise
>> you need to make sure passwords have {SCHEME} prefix when it differs
from
>> default or oddities occur. ---
> Thank you for the tip with CRYPT.
>
> Is there any explanation for this behaviour though?
>
> Why are BCRYPT hashes accepted when default_pass_scheme is set to
SHA512-CRYPT
> and not vice versa?  Is this normal?
>
Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and
CRYPT are ran thru something that checks if it starts with $2$ or not,
as linux does not actually support bcrypt in crypt(3).

Aki


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190307/c16085ba/attachment-0001.sig>

That explains everything then, excellent.

Thank you very much!

-- 
Regards,

Kristijan Savic

--------------------------------------------------------
ratiokontakt GmbH
Biegenhofstr. 13
96103 Hallstadt
Telefon: +49 (0) 951 9 35 35 - 0
Telefax: +49 (0) 951 9 35 35 - 902
Internet: www.ratiokontakt.de
Gesch?ftsf?hrer: Dr. Nils Kaufmann, Stefan Kraft
Amtsgericht Bamberg - HRB 3757
--------------------------------------------------------
ratiokontakt ist zertifiziert nach DIN ISO/IEC 27001
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190307/f38ca839/attachment.sig>