Sent from my iPhone
On Jun 5, 2016, at 6:16 PM, KT Walrus <ke...@my.walr.us> wrote: >> I would love to know why your ubuntu 14.04 system doesn't support >> sha512-crypt. > > I just tried SHA512-CRYPT and it is supported on Ubuntu 14.04. I think I was > thinking about DBMail instead of Dovecot. > > I could really use support for BLF-CRYPT since my current password hashes > generated by PHP are using Blowfish encryption. > > Maybe, Dovecot could just add support for BLF-CRYPT by using the open source > implementation of Blowfish hashing found in > https://github.com/php/php-src/tree/master/ext/standard > <https://github.com/php/php-src/tree/master/ext/standard>. The implementation > looks like a single function to generate the hash. I’m not much of a > programmer, but it would seem to me that these .c/.h files could be added to > Dovecot for doing BLF-CRYPT hashing. > It already does. As previously stated. > This would mean all installations of Dovecot going forward would support > BLF-CRYPT regardless of whether the crypt libraries have Blowfish built in. > > Kevin > >> On Jun 4, 2016, at 9:53 AM, Patrick Domack <patric...@patrickdk.com> wrote: >> >> >> Quoting KT Walrus <ke...@my.walr.us <mailto:ke...@my.walr.us>>: >> >>> (I subscribed to a daily digest for this list and can’t figure out how to >>> reply to a reply.) >>> >>> Anyway, Aki Tuomi replied to my feature request saying: >>> >>>> We support in latest 2.2 release >>>> >>>> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN >>>> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 >>>> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT >>>> SHA512-CRYPT >>>> >>>> There is also blowfish support as BLF-CRYPT, but that requires that your >>>> system supports it. CRYPT supports whatever your crypt() supports. >>> >>> The reason I suggest building in fallback hash type support is that my >>> install of Dovecot on Ubuntu 14.04 didn’t support SHA512-CRYPT or BLF-CRYPT. >>> >>> If Dovecot just included the PHP .c files to make sure it can process >>> Blowfish/SHA512 password hashes on all installs, it would greatly simplify >>> adding Dovecot as a service for my existing user accounts (without forcing >>> them to give their password for the site so I can generate new hashes in a >>> form that Dovecot supports). SHA256-CRYPT is probably my best option for >>> password hashing since it supports ROUNDS to make hash generation slower. >>> But, I would rather use BLF-CRYPT so I can re-use my existing hashes for my >>> user accounts. >> >> I would love to know why your ubuntu 14.04 system doesn't support >> sha512-crypt. >> >> My dovecot installs have only ever used sha512-crypt since 2008. Been using >> ubuntu since 7.04 with sha512-crypt, and my current systems running 14.04 >> and 16.04 both use sha512-crypt. >> >> The default password hash for system user accounts in ubuntu has been >> sha512-crypt for a very long time now.
