search for: scrypt

Hi, Thank you very much for creating and maintaining dovecot! In my scenario, I want to use the password hash algorithms provided by libsodium: https://download.libsodium.org/doc/ So my difficulty is to have dovecot support libsodium's hash algorithms, particularly: crypto_pwhash_scryptsalsa208sha256_str On the sodium maillinglist I asked for help and received an adjusted dovecot code, which exactly does what I need. You find it here: https://github.com/jedisct1/core/tree/scrypt-argon2 Obviously I need to apply these changes everytime I upgrade to a new dovecot version now. So...

...support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister" Branch #2) https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure. Regards, Andreas

Dear Timo, Do you intend to introduce bcrypt into the built in password schemes? In lew of all these hacks lately many larger companies appear moving this way, we are looking at it too, but dovecot will then be the weakest link in the database security. So, are you planning on this and if so what sort of timeframe / version would you expect it to be in beta ? Nik

...message "undefined symbol: > > password_scheme_unregister" > > > > > > Branch #2) > > > > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth > > > > This compiles fine and also works. The new hashing schemes SCRYPT and > > ARGON2 are available to dovecot. > > Libsodium support is not created as module, but only added if the > > --with-libsodium option was passed to configure. > > > > > > > > Regards, > > Andreas > > Hi! > > I had a look at your...

We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =================================================================== --- etc/login.conf (revision

...nywhere near as secure as PBKDF2. But I've read and learned a lot about secure password hashing in the past 24 hours. My initial point that PBKDF2 is the state of the art has been disproved already. This order seems to be the case [1]: MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2 So I've changed my plans and try to go for Argon2 now. I found support for .NET Core [2] and Python [3]. My original question is kind of obsolete now because I also found another requirement: password rehashing. I'm migrating from an old database that has CRYPT-SHA512 hashe...

Hello. I've been attempting to locate information on how to actually create the encrypted passwords for a new user in /etc/imap.passwd file. Im really going into this blindly, not having ever used dovecot before, and really just need to be pointed to any existing resources on this topic. This is a setup of dovecot (w/ sendmail,squirrelmail) on FC2. I've got one successful auth so far

...F2. > > But I've read and learned a lot about secure password hashing in the > past 24 hours. My initial point that PBKDF2 is the state of the art has > been disproved already. This order seems to be the case [1]: > > MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2 > > So I've changed my plans and try to go for Argon2 now. I found support > for .NET Core [2] and Python [3]. > > My original question is kind of obsolete now because I also found > another requirement: password rehashing. I'm migrating from an old > d...

Platform is Solaris 8 on a 280R. I'm setting up a new installation of Dovecot, and I ran into some troubles that I've partly tracked down. I setup auth/user dbs with LDAP initially, and things worked well. Passwords are stored as "{crypt}zxcv..." in LDAP. I setup SQL, and began getting this: dovecot: Jan 23 16:37:47 Error: child 8718 (auth-worker) killed with signal 11

Hi, I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases. Yet the plugin compiles fine and the .so file gets created. My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit()

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.

...n the user who logged in. Ries In [global] I use logon script = tmp%U.bat [netlogon] root preexec = bla bla bla\logonscript.pl %U %G %m root postexec = bla bla bla\logoutscript.pl %U %G %m <---------- logonscript.pl #!/usr/bin/perl # Modifyed script Ries van Twisk rvt@dds.nl # I found this scrypt on www.phonax.com and modifyed it for my peronal use # The best part of it it sets some environmental parameters the same # as can be found on NT. ##Const that identiefies the servername (saves alot of typing ;) ) $pdcserver="tiny"; $timeserver="tiny"; $doslogonpath="\\...