search for: ssha256

I'm getting a very strange error and I'm completely mystified by it. Thank you so much for taking a look! I recently migrated some users from another dovecot server to my own, and the previous admin had the passwords in their database using the SSHA256 scheme in HEX format. All the password hashes are in my database (MySQL) with a {SSHA256.HEX} prefix, and I thought at first that they were working fine, but then I checked my logs and am seeing this: localhost dovecot: auth: Error: password(***@***.***): Unknown scheme SSHA256.HEX.b64 (I have re...

...6 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root at correio ~]# dovecotpw -s SHA256 -p 123 {SHA256}pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM= [root at correio ~]# using SALTED SHA256, a different hash is generated for the same given password [root at correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}FpJZqafpEVKp2heepp9Z7+OeHaX+DBVpLzd6GKg3BW1XqDS0 [root at correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}6lWmvtO3SKG5RMET5n89WMIp0xeCg3U14xH1xnAXbvkr8Yjk [root at correio ~]# dovecotpw -s SSHA256 -p 123 {SSHA256}7fXVjC7Iiu0Ko9SgyBpbDvbwMSkoxMILRjDUE0nNpCHBFaIa [root at correio ~]#...

Hi again, I`m a bit confused how to store a SSHA256 password in the database and I can`t find any information in the wiki. Do I have to store the SHA256 hash and the salt separately (what would the password_query be like in this way) or just the final SSHA256 hash? Regards Patrick

Hi! I noticed these messages in my logs. It seems that the user checked the "encrypted password" in her outlook or something, and wants NTLM auth. I'm storing all the passwords as SSHA256, and when the user tries to auth, this happens: => dovecot.info auth: Info: password(<username>,<user_ip>): Requested NTLM scheme, but we have only SSHA256 auth: Debug: sql(<username>,<user_ip>): query: SELECT username AS user, password, home AS userdb_home, uid AS use...

...ovecot/conf.d/auth-passwdfile.conf.ext: snip/ passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users <--Path for passwdfile } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users } snip/ 9. /etc/dovecot/users: test004:{SSHA256}hFxB8tbyZrCCcwZKDaQEiUfojbRovOq8ECU0syPHQTCY0233:18222:18222::/home/test004::userdb_quota_rule=*:storage=1M test005:{SSHA256}hFxB8tbyZrCCcwZKDaQEiUfojbRovOq8ECU0syPHQTCY0233:18223:18223::/home/test005::userdb_quota_rule=*:storage=1M test006:{SSHA256}hFxB8tbyZrCCcwZKDaQEiUfojbRovOq8ECU0syPHQTCY0233:...

...ctually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, but I do not know what it is. -- Jerry

...ear text password or one of the proposed hash out of the GPG encrypted Primary:SambaGPG entry, and then pipe those hashes in external openldap or other authentication servers. If this is the way it works, I was wondering if is there a reason why not directly storing the required hashes (ssha1, ssha256, etc.) into the supplementalCredentials attribute on the DC doing the password change? Cheers, Denis -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr

dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops. The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts though IMAP MUAs or Roundcube. How would I setup my system...

...FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 There is no mention of "argon2" shown. Now, from the command line I can enter this command: ~ $ echo -n "Secret-Password" | argon2 somesalt Type: Argon2i Iterations: 3 Memory:...

(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT > SHA512-CRYPT > > There is also blowfish support as BLF-CRYPT, but that requires that your > system supports it. CR...

...ername: test1 cn: Test Account objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount objectClass: sambaSamAccount mail: test1 at cdac.in shadowLastChange: 15587 loginShell: /bin/bash uidNumber: 5345 gidNumber: 5345 homeDirectory: /home/test1 userPassword: {SSHA256}v7vlA8YYjJ27IbPQQa8eaChdHFcnw== sambaPwdLastSet: 1473165911 sambaLMPassword: 7e58f6a33f8b3ef68ef354180a3a1da7 sambaSID: S-1-5-21-4079184197-2446238136-3299756537-1008 sambaAcctFlags: [UX ] sambaNTPassword: 0242A7FEC5CD294F916925766089E573 when I configured samba with ldap backend then sam...

...e hashing 'sponge' functions, that many have followed.? It is the basis of SHA3 (at Keccak's greatest strength). Argon2 seems to be special-built for password hashing.? Thing is it is not supported on my CentOS7 system: # doveadm pw -l MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT Of course SHA3 is not listed either...

I have trying to find how to set the dovecot-sql.conf for using SHA256/512.? I am going to start clean with the stronger format, not migrate from the old MD5.? It seems all I need is: driver = mysql connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=$Postfix_Database_Password default_pass_scheme = SHAxxx-CRYPT # following should all be on one line. password_query =

??? Here i have SSHA256 working with: default_pass_scheme = PLAIN ??? and my database scheme just received the hashed password prefixed by the SSHA indicator, just like: mysql> select * from emails where endereco = 'solutti at XXXXXXXXX'\G *************************** 1. row *************************** ???...

On Wed, 2016-10-19 at 10:10 +0200, Stefan Metzmacher via samba wrote: > Hi Dennis, > > >  > > > > If this is the way it works, I was wondering if is there a reason > > why > > not directly storing the required hashes (ssha1, ssha256, etc.) > > into the > > supplementalCredentials attribute on the DC doing the password > > change? > > Because it's much more flexible that way and you can construct any > new > hashing scheme that will be invented in future. > > If someone wants to impleme...

...ewer and more robust. Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this. Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)? Thanks

...wed.? It is the basis >> of SHA3 (at Keccak's greatest strength). >> >> Argon2 seems to be special-built for password hashing.? Thing is it is >> not supported on my CentOS7 system: >> >> # doveadm pw -l >> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN >> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 >> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT >> SHA256-CRYPT SHA512-CRYPT >> >> Of course SHA3 is not listed either... >> >> > ARGON2 support i...

...ore robust. > > Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this. > > Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)? > > Thanks > Sorry, but you are supposed to sync...

...4 installed. > I was playing around with different encryption schemes. > > doveadm pw -l > SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA > MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR > CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT > SMD5 DIGEST-MD5 LDAP-MD5 > > There is no mention of "argon2" shown. Now, from the command line I can enter > this command: > > ~ $ echo -n "Secret-Password" | argon2 somesalt...

Howdy - For most of my dovecot servers, they are small and I just use unix accounts. However I am going to be running a new server for more general users, webmail (probably roundcube but I'm hacking roundcube quite a bit, enough that I'm calling it squarepeg instead so users familiar with roundcube will know it is quite different) and it will use MariaDB for account management. I