In case you are interested, https://wiki.dovecot.org/HowTo/ConvertPasswordSchemes
By the way, I am a bit sceptical that CRYPT-SHA512 is less secure than PBKDF2. CRYPT-SHA512 is not "just" SHA512(salt||password); it does at least 1000 rounds of hashing in a similar way as PBKDF2 does. So, what is your reasoning for claiming that PBKDF2 is much more secure than CRYPT-SHA512? Also, if you look at hashcat cracking speeds, you'll see that the speed of cracking is slower for CRYPT-SHA512 than for PBKDF2-SHA512. See https://github.com/siseci/hashcat-benchmark-comparison/blob/master/1x%20GTX%201080%20TI%20hashcat%20benchmark.txt

Aki

> On 30/08/2020 19:54 Yves Goergen <nospam.l...@unclassified.de> wrote:
>
> Thank you for your reply.
>
> It's not that simple, though. Just because some core algorithms are standardised and should be compatible doesn't mean their use in different implementations leads to interoperable data. The key point here seems to be that Dovecot just supports SHA-1 with PBKDF2, not SHA-256. So I'm out of luck here. The different formats are no longer relevant then.
>
> CRYPT-SHA512 is not anywhere near as secure as PBKDF2.
>
> But I've read and learned a lot about secure password hashing in the past 24 hours. My initial point that PBKDF2 is the state of the art has been disproved already. This order seems to be the case [1]:
>
> MD5/SHA1 << SHA2 << PBKDF2 < bcrypt < scrypt < Argon2
>
> So I've changed my plans and will try to go for Argon2 now. I found support for .NET Core [2] and Python [3].
>
> My original question is kind of obsolete now because I also found another requirement: password rehashing. I'm migrating from an old database that has CRYPT-SHA512 hashes and want to upgrade them to Argon2. This affects multiple services (IMAP, SMTP, FTP, Management UI), so I think I'd better make a central authentication service that has all the passwords and crypto in one place and handles requests from those service daemons.
>
> I'm currently investigating how to build such a service and integrate it into the services. Maybe a Unix socket is a good communication channel. Dovecot should be able to query it with a custom Lua script. Haven't looked into the other services yet. That auth service could be built with Python for isolation from other services, high availability and a relatively low memory footprint. It connects to the database, reads and updates the hashes and does all the crypto for its clients.
>
> Any suggestions about how to do that?
>
> Yves
>
> [1] https://cryptobook.nakov.com/mac-and-key-derivation/argon2
> [2] https://github.com/tabrath/libsodium-core
> [3] https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html
>
> -------- Original Message --------
> From: Aki Tuomi <aki.tu...@open-xchange.com>
> Sent: Sunday, 30 August 2020, 16:33 CEST
> Subject: PBKDF2 password hashing as in ASP.NET Core
>
> Hi!
>
> The PBKDF2 algorithm is standard and should be compatible with ASP.NET Core.
>
> The salt parameter is 16 symbols from the salt character set
>
> ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
>
> followed by the number of rounds.
>
> The hash is a hex-encoded 160-bit value which comes out of the PBKDF2 function with SHA1.
>
> Dovecot does not currently have support for PBKDF2-SHA256, only PBKDF2-SHA1. You could use CRYPT-SHA512 instead, which is probably just as good?
>
> Aki
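As an added example (not from the thread and not Dovecot's own code), here is the PBKDF2-SHA1 scheme Aki describes, written in Python with only the standard library: a 16-character salt from the stated alphabet, a round count, and a hex-encoded 160-bit PBKDF2-HMAC-SHA1 output, plus the parse-and-verify side an external auth service would need. The `$1$<salt>$<rounds>$<hex>` serialization, the optional `{PBKDF2}` scheme tag and the 5000-round default are assumptions about Dovecot's layout, not something the thread states.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Salt alphabet as given in the thread (the same 64 characters crypt(3) uses).
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_LEN = 16          # "16 symbols from the salt character set"
DKLEN = 20             # 160-bit PBKDF2-HMAC-SHA1 output, hex encoded in the hash string
DEFAULT_ROUNDS = 5000  # assumption: Dovecot's default round count, not stated in the thread


def generate_salt() -> str:
    """Draw a salt from the allowed alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(SALT_LEN))


def _valid_salt(salt: str) -> bool:
    return len(salt) == SALT_LEN and all(c in SALT_CHARS for c in salt)


def hash_password(password: str, salt: Optional[str] = None, rounds: int = DEFAULT_ROUNDS) -> str:
    """Produce '$1$<salt>$<rounds>$<hex>' (layout assumed from Dovecot's PBKDF2 scheme)."""
    salt = generate_salt() if salt is None else salt
    if not _valid_salt(salt):
        raise ValueError("salt must be exactly 16 characters from SALT_CHARS")
    if rounds < 1:
        raise ValueError("rounds must be positive")
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt.encode("ascii"), rounds, dklen=DKLEN)
    return f"$1${salt}${rounds}${dk.hex()}"


def parse_hash(stored: str) -> Tuple[str, int, bytes]:
    """Split a stored hash into (salt, rounds, digest); a leading '{PBKDF2}' scheme tag is tolerated."""
    if stored.startswith("{PBKDF2}"):
        stored = stored[len("{PBKDF2}"):]
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a PBKDF2 hash in the expected layout")
    _, _, salt, rounds_s, hexdigest = parts
    if not _valid_salt(salt):
        raise ValueError("malformed salt")
    if not (rounds_s.isascii() and rounds_s.isdigit()) or int(rounds_s) < 1:
        raise ValueError("malformed round count")
    digest = bytes.fromhex(hexdigest)  # raises ValueError on non-hex input
    if len(digest) != DKLEN:
        raise ValueError("digest must be 160 bits")
    return salt, int(rounds_s), digest


def verify_password(password: str, stored: str) -> bool:
    """Recompute PBKDF2-HMAC-SHA1 with the stored salt and rounds, then compare in constant time."""
    salt, rounds, digest = parse_hash(stored)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt.encode("ascii"), rounds, dklen=DKLEN)
    return hmac.compare_digest(candidate, digest)
```

A migration service of the kind Yves sketches would call `verify_password` against the legacy entry on a successful login and, only then, store a new hash in the stronger scheme.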