dovecot - Jul 2021 - SSHA512 Salting in SQL Query

I don't understand what im doing wrong.

Password = test
Salt = salt


MariaDB> select to_base64(concat(sha2('testsalt', 512),
'salt'));

NmM4MzhlOTM0ZTNmZWVmYWU2Y2ZhNTNhZjExMzc1ZDQ5NTRmODVjNmY1ZWQ4ODhjMDJjZDc4MDZhNzE2OTZkMWNiNDQ5ZjJiZTc4ZTllNmVhMzAxYTk1YzgxZjI4YWQ4NzY2ZjNhZTU4MmY5YmVhYWMzM2M3ZGMyYjdiYTkxODdzYWx0


[root at host /]# doveadm pw -p test -t 
{SSHA512.b64}NmM4MzhlOTM0ZTNmZWVmYWU2Y2ZhNTNhZjExMzc1ZDQ5NTRmODVjNmY1ZWQ4ODhjMDJjZDc4MDZhNzE2OTZkMWNiNDQ5ZjJiZTc4ZTllNmVhMzAxYTk1YzgxZjI4YWQ4NzY2ZjNhZTU4MmY5YmVhYWMzM2M3ZGMyYjdiYTkxODdzYWx0

Fatal: reverse password verification check failed: Password mismatch


Can someone point me in the right direction? Thanks.

Hi!

doveadm pw -s SSHA512 -p test
{SSHA512}qj7ldjy3W5EKw4KskVK254ZPqfzoQNgbUDqA2L2ScjhQ8UDFuEpo3RvdG0zc9hgq6kFT7XcfYjHjOfSfE7Bqb82g36A
so no need to double-base64 encode it, in the first place.
>>> d = hashlib.sha256(b"testsalt").digest()
>>> d = d + b'salt'
>>> base64.b64encode(d)
b'Tt8H7clbL9y8ryN4/RLYrCEsKqbjJsWcPmKb4wOdZDJzYWx0'
$ doveadm pw -s SSHA512 -p test -t
'{SSHA256}Tt8H7clbL9y8ryN4/RLYrCEsKqbjJsWcPmKb4wOdZDJzYWx0'
{SSHA256}Tt8H7clbL9y8ryN4/RLYrCEsKqbjJsWcPmKb4wOdZDJzYWx0 (verified)

Aki
> On 01/07/2021 20:49 dovecot at ptld.com wrote:
> 
>  
> I don't understand what im doing wrong.
> 
> Password = test
> Salt = salt
> 
> 
> MariaDB> select to_base64(concat(sha2('testsalt', 512),
'salt'));
> 
>
NmM4MzhlOTM0ZTNmZWVmYWU2Y2ZhNTNhZjExMzc1ZDQ5NTRmODVjNmY1ZWQ4ODhjMDJjZDc4MDZhNzE2OTZkMWNiNDQ5ZjJiZTc4ZTllNmVhMzAxYTk1YzgxZjI4YWQ4NzY2ZjNhZTU4MmY5YmVhYWMzM2M3ZGMyYjdiYTkxODdzYWx0
> 
> 
> [root at host /]# doveadm pw -p test -t 
>
{SSHA512.b64}NmM4MzhlOTM0ZTNmZWVmYWU2Y2ZhNTNhZjExMzc1ZDQ5NTRmODVjNmY1ZWQ4ODhjMDJjZDc4MDZhNzE2OTZkMWNiNDQ5ZjJiZTc4ZTllNmVhMzAxYTk1YzgxZjI4YWQ4NzY2ZjNhZTU4MmY5YmVhYWMzM2M3ZGMyYjdiYTkxODdzYWx0
> 
> Fatal: reverse password verification check failed: Password mismatch
> 
> 
> Can someone point me in the right direction? Thanks.