Re: [CentOS] Support for Argon2 for password hashing
I found that EPEL has argon2-20161029-2, but the dovecot 2.2.36 in C7 does not use it. If I were to compile dovecot 2.3, it comes with argon2 built in. I don't want to get into the build business, I have other things demanding my time. It would be nice to have argon2, but my server is small, and sha512 is a lot better than md5. On 2/13/19 1:57 PM, Alice Wonder wrote: The version of libsodium in EPEL supports argon2 For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch. For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot. On 2/13/19 5:18 AM, Robert Moskowitz wrote: Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for Argon2 for password hashing
The version of libsodium in EPEL supports argon2 For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch. For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot. On 2/13/19 5:18 AM, Robert Moskowitz wrote: Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Support for Argon2 for password hashing
Am 13.02.2019 um 14:18 schrieb Robert Moskowitz: Is there any information on adding support for Argon2? Did you check the RHEL 8 beta? Alexander ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Support for Argon2 for password hashing
Is there any information on adding support for Argon2? I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup: draft-irtf-cfrg-argon2-04.txt It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
