search for: argon2

Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512.? Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It i...

...doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 There is no mention of "argon2" shown. Now, from the command line I can enter this command: ~ $ echo -n "Secret-Password" | argon2 somesalt Type: Argon2i Iterations: 3 Memory: 4096 KiB Parallelism: 1 Hash: e6432f595e999988c7c54c30d530b0fc7d9953510e5ccf295359258f4ea22a3d Encoded: $argon2i$...

...HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA > MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR > CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT > SMD5 DIGEST-MD5 LDAP-MD5 > > There is no mention of "argon2" shown. Now, from the command line I can enter > this command: > > ~ $ echo -n "Secret-Password" | argon2 somesalt > Type: Argon2i > Iterations: 3 > Memory: 4096 KiB > Parallelism: 1 > Hash: > e64...

...g">dovecot@dovecot.org</a>>> a écrit : </div> <div> >> </div> <div> >> </div> <div> >> </div> <div> <br> </div> <div> >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled </div> <div> >>> when compiling dovecot, so varying from packagers it might or not be </div> <div> >>> available. The CRYPT ones are available if crypt(3) supports them....

...< dovecot at dovecot.org <mailto:dovecot at dovecot.org> <mailto: >>>> dovecot at dovecot.org <mailto:dovecot at dovecot.org>>> a ?crit : >>>> >> >>>> >> >>>> >> >>>> >>>> >>> ARGON2 support is added in dovecot v2.3. It also needs to be >>>> enabled >>>> >>> when compiling dovecot, so varying from packagers it might or >>>> not be >>>> >>> available. The CRYPT ones are available if crypt(3) supports >>&g...

...ng to find how to set the dovecot-sql.conf for using >>>>>> SHA256/512.? I am going to start clean with the stronger format, not >>>>>> migrate from the old MD5.? It seems all I need is: >>>>> you maybe would like to have a look to the hashing algo ARGON2I >>>>> which is >>>>> currently recommended for new developments and deployments. >>>> Recommended by whom? >>>> >>>> Can you provide a link? >>> Sure, please see here: >>> https://www.owasp.org/index.php/Password_S...

...A512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA > MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR > CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT > SMD5 DIGEST-MD5 LDAP-MD5 > > There is no mention of "argon2" shown. Now, from the command line I can enter > this command: > > ~ $ echo -n "Secret-Password" | argon2 somesalt > Type: Argon2i > Iterations: 3 > Memory: 4096 KiB > Parallelism: 1 > Hash: > e6432f595e999988c7c54c30d530b0fc7d99535...

The version of libsodium in EPEL supports argon2 For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch. For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot. On 2/13...

...e dovecot-sql.conf for using >>>>>>>> SHA256/512.? I am going to start clean with the stronger format, not >>>>>>>> migrate from the old MD5.? It seems all I need is: >>>>>>> you maybe would like to have a look to the hashing algo ARGON2I >>>>>>> which is >>>>>>> currently recommended for new developments and deployments. >>>>>> Recommended by whom? >>>>>> >>>>>> Can you provide a link? >>>>> Sure, please see here: >&gt...

...>>> I have trying to find how to set the dovecot-sql.conf for using >>>> SHA256/512.? I am going to start clean with the stronger format, not >>>> migrate from the old MD5.? It seems all I need is: >>> you maybe would like to have a look to the hashing algo ARGON2I >>> which is >>> currently recommended for new developments and deployments. >> >> Recommended by whom? >> >> Can you provide a link? > > Sure, please see here: > https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > >> >>...

...> > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >>> ARGON2 support is added in dovecot v2.3. It also needs to be enabled > > > > > > > > > > >>> when compiling dovecot, so varying from packagers it might or not be > > > > > > > > > > >>> available. The CRYPT ones are availabl...

...ng to find how to set the dovecot-sql.conf for using >>>>>> SHA256/512.? I am going to start clean with the stronger format, not >>>>>> migrate from the old MD5.? It seems all I need is: >>>>> you maybe would like to have a look to the hashing algo ARGON2I >>>>> which is >>>>> currently recommended for new developments and deployments. >>>> Recommended by whom? >>>> >>>> Can you provide a link? >>> Sure, please see here: >>> https://www.owasp.org/index.php/Password_S...

...as secure as PBKDF2. But I've read and learned a lot about secure password hashing in the past 24 hours. My initial point that PBKDF2 is the state of the art has been disproved already. This order seems to be the case [1]: MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2 So I've changed my plans and try to go for Argon2 now. I found support for .NET Core [2] and Python [3]. My original question is kind of obsolete now because I also found another requirement: password rehashing. I'm migrating from an old database that has CRYPT-SHA512 hashes and want t...

...ot >>> >> < dovecot at dovecot.org <mailto:dovecot at dovecot.org> <mailto: >>> dovecot at dovecot.org <mailto:dovecot at dovecot.org>>> a ?crit : >>> >> >>> >> >>> >> >>> >>> >>> ARGON2 support is added in dovecot v2.3. It also needs to be >>> enabled >>> >>> when compiling dovecot, so varying from packagers it might or >>> not be >>> >>> available. The CRYPT ones are available if crypt(3) supports >>> them. In >&gt...

...ow to set the dovecot-sql.conf for using >>>>>>> SHA256/512. I am going to start clean with the stronger format, not >>>>>>> migrate from the old MD5. It seems all I need is: >>>>>> you maybe would like to have a look to the hashing algo ARGON2I >>>>>> which is >>>>>> currently recommended for new developments and deployments. >>>>> Recommended by whom? >>>>> >>>>> Can you provide a link? >>>> Sure, please see here: >>>> https://www.o...

...or using > >>>>>>>> SHA256/512. I am going to start clean with the stronger format, > not > >>>>>>>> migrate from the old MD5. It seems all I need is: > >>>>>>> you maybe would like to have a look to the hashing algo ARGON2I > >>>>>>> which is > >>>>>>> currently recommended for new developments and deployments. > >>>>>> Recommended by whom? > >>>>>> > >>>>>> Can you provide a link? > >>>>>...

...t; But I've read and learned a lot about secure password hashing in the > past 24 hours. My initial point that PBKDF2 is the state of the art has > been disproved already. This order seems to be the case [1]: > > MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2 > > So I've changed my plans and try to go for Argon2 now. I found support > for .NET Core [2] and Python [3]. > > My original question is kind of obsolete now because I also found > another requirement: password rehashing. I'm migrating from an old > database that...

...ficulty is to have dovecot support libsodium's hash algorithms, particularly: crypto_pwhash_scryptsalsa208sha256_str On the sodium maillinglist I asked for help and received an adjusted dovecot code, which exactly does what I need. You find it here: https://github.com/jedisct1/core/tree/scrypt-argon2 Obviously I need to apply these changes everytime I upgrade to a new dovecot version now. So my question ist, what do I need to do so that you will include libsodium support in future versions of dovecot? Thank you very much for your attention, Andreas

Hello, I'm using dovecot 2.3.4.1 on a Debian buster system. with Argon2ID password scheme, it's only possible to configure the parameters used for it via the generic -r option to "doveadm pw". A higher -r will increase time and memory comsumption. But on my dual core VM it always uses p=1. So it seems the needed threads can only be changed on compile tim...

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.