I did a similar upgrade, and now in the process of migrating from
SHA512-CRYPT
to BLF-CRYPT with an appropriately set rounds, as I think the default
rounds
is a little low.
A good write-up on migrating passwords and calculating the rounds:
https://kaworu.ch/blog/2016/04/20/strong-crypt-scheme-with-dovecot-postfixadmin-and-roundcube/
I would take into consideration the following factors when deciding the
hashing algo.
1. Other tools/scripts that need to update or check passwords in the
database,
for example:
- roundcube webmail has a plugin to allow users to change their
password
using a variety of methods.
- postfixadmin
For a long time, bcrypt wasn't natively supported by either the
version of php
or underlying OS libs, so these tools had to rely on calling "doveadm
pw "
to generate BLF-CRYPT hashes. And assumed that doveadm was available
on the same server as it.
The latest versions support bcrypt and newer hashing algos natively.
Some tools might rely on the database (mysql/mariadb) to hash
passwords, so
this may also be a consideration.
2. Server load / libs:
- The Dovecot docs:
https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
has this to say on ARGON2I/ARGON2ID:
"Argon2 is the winner of password hashing competition held at July
2015. The password will
start with $argon2i$ or $argon2id$. You can use -r to tune
computational complexity,
minimum is 3. ARGON2ID is only available if your libsodium is
recent enough.
ARGON2 can require quite a hefty amount of virtual memory, so we
recommend that you set
service auth { vsz_limit = 2G } at least, or more."
There's a good write up of considering the various algos:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
I considered BLF-CRYPT (for the time being) to be strong enough and a
good balance between compatibility, strength and server load, given the
number of users etc.
Rob
On 2023-06-23 02:14, David Mehler wrote:
Hello,
I'm migrating to a new server. It's running Debian 11 currently though
that's going 12 this weekend. Currently it uses Openssl v3.0.9, and
dovecot 2.3.13 and MySQL (in this case Mariadb) for storing user
account information v10.6.14. My question is in regards password
storage and scheme/encryption/salts.
Currently they are stored in Mariadb password field with a type of
varchar and a 255 character length, and are stored as SHA512-CRYPT.
I'm wondering if I should keep this as is or when I migrate go to
another scheme? I'm thinking argon2i, argon2d, argon2id, sha512,
sha512-crypt, tiger2, saltt?
--
Robert Lister - email: r...@lentil.org - tel: 020 7043 7996
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
