On 7/12/12, Nick Edwards <nick.z.edwa...@gmail.com> wrote:
Dear Timo,
Do you intend to introduce bcrypt into the built in password schemes?
In lew of all these hacks lately many larger companies appear moving
this way, we are looking at it too, but dovecot will then be the
weakest link in the database security.
So, are you planning on this and if so what sort of timeframe /
version would you expect it to be in beta ?
Nik
Interestingly, there doesn't seem to be so much difference between
iterated sha-512 (sha512crypt) and bcrypt. Based on looking at latest
john the ripper results (although I'm a bit confused because they don't
seem to quote the baseline results using the normal default number of
rounds?)
So I think right now, many/most modern glibc are shipping with
sha256/512crypt implementations (recently uclibc also added this). A
small number ship with bcrypt (I have a patch for uclibc), which would
mean that dovecot supported bcrypt out of the box.
For everything else I guess you want a small application and use the
checkpass dovecot method to do external checking? You could for example
implement scrypt checking this way (although I think there is a risk of
running out of server ram if you have many simultaneous logins..?)
I previously thought I wanted bcrypt, but after some consideration I
believe sha256/512crypt is likely sufficient for reasonable security
Cheers
Ed W
