search for: sha512

That's not SHA512-CRYPT. That's just a simple sha512 of the password, without salt. A SHA512-CRYPT password will be generated with: printf "1234\n1234" | doveadm pw -s SHA512-CRYPT or: doveadm pw -s SHA512-CRYPT -p 1234 or: mkpasswd -m sha-512 1234 (without the "{SHA512-CRYPT}" prefix)...

Hello, I have a few questions on password schemes. Is SHA512 the most secure? Is there a difference between SHA512 and SHA512-CRYPT? What about SSHA512 and SSH512-CRYPT? Is there a problem with this sql statement: UPDATE virtual_users SET password=CONCAT(?{SHA256-CRYPT}?, ENCRYPT (?Password Goes Here?, CONCAT(?$5$?, SUBSTRING(SHA(RAND()), -16)))) WHERE use...

Running postfix+dovecot+mysql on a mac-mini, and trying to solve this puzzle. Is this a Mac issue?, a MySQL issue? or something I haven't configured in? You can see from the output of the samples shows in the first case, that SHA512-CRYPT seems to be Unknown. The code I used is from a Linux based tutorial on setting up Postfix+Dovecot+MySQL on a site. Everything is generally going ok, apart from this bit. There are some others unknown as well. The codes used to create my database of passwords follows these output examples....

Hello, Thanks for the explanation. So should I go with SSHA512 or SHA512-CRYPT? From your explanation i'm interpreting to mean that SHA512-CRYPT also salts. This is for storing in a mysql database. Also, what should the password field length and type be set for? Currently it's varchar(128) Thanks. Dave. On 4/29/17, Aki Tuomi <aki.tuomi at dovecot...

Hello, If I try to use the crypt schemes provided by libc. I fail as follows: jnikula at jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456 {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. jnikula at jlaptop:~/$ doveadm pw -t {SHA512-CRYPT}$6$to2umWLDtqvzS8SV$ZGpBeGNKuUN/2HKG6I2BEAt.Gzrz/y.SZDkos2GT2ik8obnp3XCFWfVsKVriJa6jjHULmLIqCSSyaF5YrTH7u. -p 1...

...t is truncated, it should be something like 95chars long, Is your hash column set to 128 or up around there or larger? Quoting Carl A Jeptha <cajeptha at gmail.com>: > Sorry for double reply, but this what a password looks like in the > "hashed" password column: > {SHA512-CRYPT}$6$wEn1UFuiMzl9OSjd$Vh/PZ95WDID1GwI2 > > ------------ > You have a good day now, en mag jou m?re ook so wees, > > On 2016-04-30 01:14, Gedalya wrote: >> That's not SHA512-CRYPT. That's just a simple sha512 of the >> password, without salt. >> >&gt...

Hi, Not sure if this is a PBKAC or not:- root at ds3:/usr/share/postfixadmin# doveadm pw -s SHA512-CRYPT -p password {SHA512-CRYPT}$6$aUgGXP0UshkMj7hY$9JV4yMRsjIe/98CzmglYrMjf.9NJ.FXzxcLE9B0v3doCRUWo2wRncc6hg6VCs0DCUHQbeC/bRDZdGCge/nB/h/ root at ds3:/usr/share/postfixadmin# doveadm pw -t {SHA512-CRYPT}$6$aUgGXP0UshkMj7hY$9JV4yMRsjIe/98CzmglYrMjf.9NJ.FXzxcLE9B0v3doCRUWo2wRncc6hg6VCs0DCUHQbeC/bRD...

> I would love to know why your ubuntu 14.04 system doesn't support sha512-crypt. I just tried SHA512-CRYPT and it is supported on Ubuntu 14.04. I think I was thinking about DBMail instead of Dovecot. I could really use support for BLF-CRYPT since my current password hashes generated by PHP are using Blowfish encryption. Maybe, Dovecot could just add support for BLF-CR...

(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT > SHA512-CRYPT > > There is also blowfish support as BLF-CRYPT, but that requires that your > syst...

...port for BLF-CRYPT according to this issue: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349252 <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349252> Actually, now that I?ve researched this a bit more, it was a mistake for my PHP app to make BLF-CRYPT password hashes since SHA512-CRYPT with a high number of rounds should be just as good. If Ubuntu 16.04 didn't add support for BLF-CRYPT, I guess I will have to implement a Checkpassword script for Dovecot that might generate SHA512-CRYPT replacement hashes after successfully checking against the BLF-CRYPT hashes. I?m no D...

...sword_query = SELECT username AS user, password, '%w' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' So based on the Dovecot Variables wiki documentation you mention I could adapt my "password_query" parameter to the following in order to use a SHA512 hash of the password: password_query = SELECT username AS user, password, '%{sha512:w}' AS userdb_mail_crypt_private_password FROM mailboxes WHERE username = '%u' is this correct? I am also not sure about sha512 hash because the Dovecot Variable wiki page does not mention sha512...

...work, CN = USERTrust RSA Certification Authority C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512 Peer signing digest: SHA256...

...my $row = $selectsth->fetchrow_hashref) { open my $urand, '<', '/dev/urandom'; read $urand, my $salt, 12; close $urand; $salt = encode_base64($salt); $salt =~ s/\+/\./g; $salt =~ s/[^0-9a-z\.\/]//ig; #this shouldn't be needed my $cryptpw = '{SHA512-CRYPT}' . crypt $row->{plain_pass}, '$6$'.$salt; print "$row->{localpart}\@$row->{domain}: $cryptpw\n"; # uncomment this when you feel comfortable #$updatesth->execute($cryptpw, $row->{localpart}, $row->{domain}); } You can run this safely with...

Hi, After the 6.2 upgrade, the new /etc/login.defs has: ? ENCRYPT_METHOD SHA512 instead of MD5Is it safe to just apply the change? Will my current MD5 passwords in /etc/passwd still work and only new passwords will be SHA512? Or are they automatically "converted" (rehashed) to SHA512? Thx, JD

We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =================================================================== --- etc/login.conf (revision 236616) +++ etc/login.conf (working copy) @@ -23,7 +23,7 @@...

Hi, I use Debian jessie with Dovecot 2.2.13-11. While writing a script for Horde to change the passwords in my passwd file I noticed doveadm pw -t fails for SHA512-CRYPT: # doveadm pw -s SHA1 -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= # doveadm pw -t {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= -p test {SHA1}qUqP5cyxm6YcTAhz05Hph5gvu9M= (verified) # doveadm pw -s SHA512-CRYPT -p test {SHA512-CRYPT}$6$8FfoioQWQDR/Vuzu$ynKiO/E6Xf4dMvfx2LsP9KQotqy5cEOEppnEh5Hqe1UpCYAgOw...

I can't seem to get the verbose mode of time working.? I am trying to compare the compute cost of sha256-crypt to sha512-crypt: time doveadm pw -s sha256-crypt -p secret real??? 0m0.128s user??? 0m0.081s sys???? 0m0.040s time doveadm pw -s sha512-crypt -p secret real??? 0m0.162s user??? 0m0.105s sys???? 0m0.047s But all attempts to add --verbose fail: time --verbose doveadm pw -s sha512-crypt -p secret -bash: -...

I would go with SHA512-CRYPT, since it is compatible with lots of other things. The field length is static and it contains ascii characters, and it appears to be 118 characters long, but it might be a good idea to use varchar(255) nevertheless, in case you decide to use something else someday. With mysql, you can do my...

Hello, I've got dovecot authenticating to a MySQL database. I've got a field varchar(128) called password. Whenever I create a password I use doveadm pw as in: doveadm pw -s sha512-crypt now i'd like to get MySQL to make a dovecot-specific password. My goal is to eventually have roundcube's password plugin working with this MySQL database to change the password. Thanks. Dave.

...dardised and should be compatible doesn't mean their use in different implementations leads to interoperable data. The key point here seems to be that Dovecot just supports SHA-1 with PBKDF2, not SHA-256. So I'm out of luck here. The different formats are no longer relevant then. CRYPT-SHA512 is not anywhere near as secure as PBKDF2. But I've read and learned a lot about secure password hashing in the past 24 hours. My initial point that PBKDF2 is the state of the art has been disproved already. This order seems to be the case [1]: MD5/SHA1 << SHA2 << PBKDF2 < bcr...