Thank you for your reply.
It's not that simple, though. Just because some core algorithms are
standardised and should be compatible doesn't mean their use in
different implementations leads to interoperable data. The key point
here seems to be that Dovecot just supports SHA-1 with PBKDF2, not
SHA-256. So I'm out of luck here. The different formats are no longer
relevant then.
CRYPT-SHA512 is not anywhere near as secure as PBKDF2.
But I've read and learned a lot about secure password hashing in the
past 24 hours. My initial point that PBKDF2 is the state of the art has
been disproved already. This seems to be the order [1]:
MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2
So I've changed my plans and will try to go for Argon2 now. I found support
for .NET Core [2] and Python [3].
My original question is kind of obsolete now because I also found
another requirement: password rehashing. I'm migrating from an old
database that has CRYPT-SHA512 hashes and want to upgrade them to
Argon2. This affects multiple services (IMAP, SMTP, FTP, Management UI)
so I think I'd better make a central authentication service that has
all the passwords and crypto in one place and handles requests from
those service daemons.
I'm currently investigating how to build such a service and integrate it
into the services. Maybe a Unix socket is a good communication channel.
Dovecot should be able to query it with a custom Lua script. Haven't
looked into the other services yet. That auth service could be built
with Python for isolation from other services, high availability and
relatively low memory footprint. It connects to the database, reads and
updates the hashes and does all the crypto for its clients.
Any suggestions about how to do that?
-------- Original Message --------
From: Aki Tuomi <>
Sent: Sunday, 30 August 2020, 16:33 CEST
Subject: PBKDF2 password hashing as in ASP.NET Core
The PBKDF2 algorithm is standard and should be compatible with ASP.NET Core.
The salt parameter is 16 symbols from the salt character set, followed
by the number of rounds.
The hash is the hex-encoded 160-bit value that comes out of the PBKDF2
function with SHA1.
Dovecot does not currently have support for PBKDF2-SHA256, only
PBKDF2-SHA1. You could use CRYPT-SHA512 instead which is probably just
as good?
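The flow the reply above describes (verify against whatever scheme the stored hash uses, then re-hash with the preferred scheme the moment a successful login makes the plaintext available) together with the Dovecot PBKDF2-SHA1 layout from the quoted message, as an added Python example; this is not code from the thread, from Dovecot or from ASP.NET Core. Assumptions: the Dovecot PBKDF2 value is laid out as `$1$<salt>$<rounds>$<hex output>`, which matches Aki's description (16-symbol salt, round count, hex-encoded 160-bit SHA-1 PBKDF2 output) but should be checked against `doveadm pw -s PBKDF2` before relying on it; `hashlib.scrypt` stands in for Argon2id only so the block runs on the standard library, and argon2-cffi's `PasswordHasher` would replace `hash_scrypt`/`verify_scrypt` for the target scheme the post chooses; the `{SCRYPT}` field layout, the function names and the `USERS` store are this example's own; a verifier for the old database's `{CRYPT}` `$6$` hashes is deliberately left as a registry slot rather than invented.

```python
"""Rehash-on-login for a central auth service (added example, not from the thread).

Stored hashes use Dovecot's {SCHEME}value prefix style. A legacy entry is
verified with its own scheme; when a login succeeds against a non-preferred
scheme, the plaintext is re-hashed with the preferred scheme and the caller
writes the new value back. hashlib.scrypt stands in for Argon2id here only
so the example runs on the standard library alone.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

PREFERRED_SCHEME = "SCRYPT"  # swap for ARGON2ID once argon2-cffi is wired in
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def split_scheme(stored: str) -> Tuple[str, str]:
    """'{PBKDF2}$1$...' -> ('PBKDF2', '$1$...')."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("stored hash lacks a {SCHEME} prefix")
    scheme, _, rest = stored[1:].partition("}")
    return scheme.upper(), rest


# Dovecot PBKDF2-SHA1. Assumed layout: $1$<salt>$<rounds>$<hex 160-bit output>,
# consistent with the quoted reply (salt, rounds, hex SHA-1 PBKDF2 value).
# Check against `doveadm pw -s PBKDF2` output before relying on it.
def hash_pbkdf2(password: str, rounds: int = 5000, salt: Optional[str] = None) -> str:
    salt = salt or secrets.token_hex(8)  # 16 characters from the crypt salt alphabet
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), rounds, dklen=20)
    return "{PBKDF2}$1$%s$%d$%s" % (salt, rounds, dk.hex())


def verify_pbkdf2(password: str, rest: str) -> bool:
    try:
        _, version, salt, rounds_s, hexhash = rest.split("$")
        rounds, expected = int(rounds_s), bytes.fromhex(hexhash)
    except ValueError:  # wrong field count, non-numeric rounds or non-hex digest
        return False
    if version != "1" or rounds < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), rounds, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


# Preferred scheme. Field layout is this example's own: $N$r$p$<hex salt>$<hex output>.
def hash_scrypt(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "{SCRYPT}$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), dk.hex())


def verify_scrypt(password: str, rest: str) -> bool:
    try:
        _, n_s, r_s, p_s, salt_hex, hexhash = rest.split("$")
        n, r, p = int(n_s), int(r_s), int(p_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hexhash)
        dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=len(expected))
    except ValueError:  # malformed fields, or parameters scrypt rejects (n not a power of 2, ...)
        return False
    return hmac.compare_digest(dk, expected)


VERIFIERS: Dict[str, Callable[[str, str], bool]] = {
    "PBKDF2": verify_pbkdf2,
    "SCRYPT": verify_scrypt,
    # "CRYPT": register a sha512_crypt verifier here for the old database's $6$
    # hashes (not implemented in this example).
}


def authenticate(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, upgraded_hash). upgraded_hash is set only when the password
    verified against a non-preferred scheme; the caller must store it."""
    scheme, rest = split_scheme(stored)
    verify = VERIFIERS.get(scheme)
    if verify is None or not verify(password, rest):
        return False, None
    if scheme != PREFERRED_SCHEME:
        return True, hash_scrypt(password)
    return True, None


# Constructed user store: alice still carries a legacy Dovecot PBKDF2-SHA1 hash.
USERS: Dict[str, str] = {
    "alice": hash_pbkdf2("correct horse battery", rounds=5000, salt="abcdefghijklmnop"),
}
_DUMMY_REST = split_scheme(hash_scrypt("dummy"))[1]  # equalises timing for unknown users


def login(users: Dict[str, str], user: str, password: str) -> bool:
    stored = users.get(user)
    if stored is None:
        verify_scrypt(password, _DUMMY_REST)  # same cost as a real check; result discarded
        return False
    ok, upgraded = authenticate(password, stored)
    if ok and upgraded is not None:
        users[user] = upgraded  # the central service would issue its UPDATE here
    return ok
```

The first time `login(USERS, "alice", "correct horse battery")` succeeds, the PBKDF2 entry is replaced by a scrypt one and later logins verify against that directly; a wrong password leaves the legacy hash untouched, so accounts that never log in stay on the old scheme until they do (or until you force a reset). The write-back in `login` is the one place the daemon would talk to the database, which keeps the rehash logic in the central service rather than in each of IMAP, SMTP, FTP and the management UI. `verify_pbkdf2` is checked in the tests against the RFC 6070 PBKDF2-HMAC-SHA1 vectors, so a mismatch there means the assumed field layout, not the KDF, is what differs from your Dovecot output.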