search for: ssha512

I'm trying to configure SSHA512 passwords and when testing discovered that they were not working as expected. At first i was using Centos 6.4 which doesn't have the glibc CRYPT newest functions ($6$salt$pass) so had to rollback to the Dovecot format ({SSHA512.HEX}saltedpassword+salt ) but I'm unable to let dovecot aut...

Hello, world! I have a long-running Dovecot & Postfix installation using PostgreSQL back-end. Until now I've been using MD5 hashing but would like to "upgrade" to the salted SSHA512. Is there a way to configure Dovecot so that it would automatically detect the type of the hash stored in the database, so that users who have changed their password (and thus being hashed with SHA512) and users still having an MD5 hash would both be able to authenticate at the same time? Yours,...

On 1/9/2015 4:07 PM, Jyri Hovila [Turvamies.fi] wrote: > Hello, world! > > I have a long-running Dovecot & Postfix installation using PostgreSQL > back-end. > > Until now I've been using MD5 hashing but would like to "upgrade" to > the salted SSHA512. > > Is there a way to configure Dovecot so that it would automatically > detect the type of the hash stored in the database, so that users who > have changed their password (and thus being hashed with SHA512) and > users still having an MD5 hash would both be able to authenticate at...

Hello, I have a few questions on password schemes. Is SHA512 the most secure? Is there a difference between SHA512 and SHA512-CRYPT? What about SSHA512 and SSH512-CRYPT? Is there a problem with this sql statement: UPDATE virtual_users SET password=CONCAT(?{SHA256-CRYPT}?, ENCRYPT (?Password Goes Here?, CONCAT(?$5$?, SUBSTRING(SHA(RAND()), -16)))) WHERE user=?user at example.com?; I'm getting an error 1064 at the ending email address. Thank...

Dear Expert, I am having issue with using SSHA512 Password Schemes with my openldap server. I have used doveadm utility to create password and able to verify the same but trying to login to IMAP is failing tried debug the auth part but no success so far. I am using the latest version of dovecot. Please share your views .. Thanks

Hi, since several versions i have the following problem: Actually i am using: dovecot --version 2.2.16 (de2023e630cb) When i try to use doveadm i see the following error: doveadm pw -t {SSHA512}cywDi7p60qc1K0mK4zAC2NrnK86hntGgbQcAh3H9U3WEpZMFk1hj/MYQ81hJouP1FOsF/Jasc1BjzdaPeUU5fYLitEzV -p 1234 Fatal: Couldn't load required plugin /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: dlopen() failed: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so: undefined symbol: command_unregist...

Hello, Thanks for the explanation. So should I go with SSHA512 or SHA512-CRYPT? From your explanation i'm interpreting to mean that SHA512-CRYPT also salts. This is for storing in a mysql database. Also, what should the password field length and type be set for? Currently it's varchar(128) Thanks. Dave. On 4/29/17, Aki Tuomi <aki.tuomi at dovecot...

Hi! My "no" referred to the fact that I had not read the article before. =D Thanks for linking it - I'm sure it will be very useful. I've been terribly busy during the last couple of days and have therefore not been able to comment much on the list. I'll come back there as soon as things calm down a bit. =) Yours, Jyri -- +358-50-5632104 (24/7) +358-46-8822157 (backup)

...ust. Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this. Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)? Thanks

...> Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this. > > Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)? > > Thanks > Sorry, but you are supposed to sync from AD to other...

...uot; encryption. In the "10-auth.conf" file, I tried: auth_mechanisms = plain argon2id Upon restarting dovecot, I received an error message when attempting to actually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, but...

...he rounds parameter will make the algorithm to do 4000 rounds of SHA512 to make it less feasible to do brute force attacks. Aki > On April 30, 2017 at 4:59 AM David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > Thanks for the explanation. So should I go with SSHA512 or > SHA512-CRYPT? From your explanation i'm interpreting to mean that > SHA512-CRYPT also salts. This is for storing in a mysql database. > Also, what should the password field length and type be set for? > Currently it's varchar(128) > > Thanks. > Dave. > > &...

...user = postfix } } ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem Here's how I constructed my users file: # # Passwd-file for use with dovecot authentication # Used in a virtual setup # Username:{scheme}HashedPassword:UID:GID:: user:{SSHA512}hbLu+pCmhmtyKEwyAs3wv3kvHD/ryr0MoXOAq3VdB7X/g8qIE/xE9BG+eI4jhFk9pTyiCltPCjZxv5/+yK1wll2LNcw= :5000:5000:: My goal is to use this with a postfix virtual mailbox setup, the postfix part is already in place. The mailbox base is /var/spool/mail/vhosts and under that there's example.com which is th...

...args = username_format=%u /opt/local/etc/dovecot/users # Default fields that can be overridden by passwd-file #default_fields = quota_rule=*:storage=1G # Override fields from passwd-file #override_fields = home=/home/virtual/%u } In the users file I have 2 users defined as follow: user1:{SSHA512}<encrypted password>:::::: user2:{SSHA512}<encrypted password:::::: Dovecot gives following error message on startup: Mar 23 08:50:30 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap, lmtp, sieve (core dumps disabled) Mar 23 08:50:30 auth: Debug: Loading modules from direct...

...onf// //}/ *# dovecot-ldap.conf* /hosts = myurl:myport// //dn = cn=myuser,dc=mydomain,dc=com// //dnpass = ********// //a//uth_bind = yes// //auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com// //ldap_version = 3// //base = ou=Users,dc=mydomain,dc=com// //scope = base// //default_pass_scheme = SSHA512 / Do you have an idead ? Kind regards. -- Michael

I am using a FreeBSD 11-2 amd/64 system with dovecot version 2.3.4 installed. I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 There is no mention of "argon2" shown. Now, fro...

...t/users > > # Default fields that can be overridden by passwd-file > #default_fields = quota_rule=*:storage=1G > > # Override fields from passwd-file > #override_fields = home=/home/virtual/%u > } > > In the users file I have 2 users defined as follow: > user1:{SSHA512}<encrypted password>:::::: > user2:{SSHA512}<encrypted password:::::: > > Dovecot gives following error message on startup: > Mar 23 08:50:30 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for > imap, lmtp, sieve (core dumps disabled) > Mar 23 08:50:30 auth: Debug...

(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT > SHA512-CRYPT > > There is also blowfish support as BLF-CRYPT, but that requires that your > system supports it. CRYPT supp...

...ds that can be overridden by passwd-file >> #default_fields = quota_rule=*:storage=1G >> >> # Override fields from passwd-file >> #override_fields = home=/home/virtual/%u >> } >> >> In the users file I have 2 users defined as follow: >> user1:{SSHA512}<encrypted password>:::::: >> user2:{SSHA512}<encrypted password:::::: >> >> Dovecot gives following error message on startup: >> Mar 23 08:50:30 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap, lmtp, sieve (core dumps disabled) >> Mar 23 08:5...

...g 'sponge' functions, that many have followed.? It is the basis of SHA3 (at Keccak's greatest strength). Argon2 seems to be special-built for password hashing.? Thing is it is not supported on my CentOS7 system: # doveadm pw -l MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT Of course SHA3 is not listed either...