
Bug#149452: libc: Need OpenBSD's bcrypt password hashing support for dovecot



I'd like to see bcrypt included as well; it will be great to be able
to use bcrypt in more software (not only dovecot) through libc.

> On Sun, Mar 24, 2013 at 07:33:49PM -0700, Joel Lopes Da Silva wrote:
> > I would like to use bcrypt (BLF-CRYPT) for my password scheme in
> > Dovecot, but I can't because bcrypt support doesn't seem to have
> > been integrated into the Debian libc.
> 
> Why do you want bcrypt? glibc supports sha256 and sha512, which use
> several thousand rounds of hashing and should be good enough.

bcrypt seems better for password storing purposes. I'm not a crypto
specialist, but you can see a nice analysis of why to use bcrypt over
SHA-512 at http://stackoverflow.com/a/1561245/259187

I believe that the main reason to include bcrypt support is to provide
Debian users with more options and better security. When some flaw
appears in SHA-512 we will have bcrypt available immediately.

It seems that for now bcrypt is available only in SUSE Linux and I
suppose it is also the place where you can find patches.

You can find patches and more info at
http://www.openwall.com/crypt/

> > Here's the list of supported password schemes by Dovecot on my
> > Debian Wheezy machine:
> > # doveadm pw -l
> > CRYPT MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256
> > SSHA512 PLAIN CLEARTEXT PLAIN-TRUNC CRAM-MD5 HMAC-MD5 DIGEST-MD5
> > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA SHA256-CRYPT
> > SHA512-CRYPT 
> 
> Please explain what this should tell us.

He just wants to show that BLF-CRYPT is missing from this list on
wheezy and pam_unix2 will be no help. For dovecot and other software
we need to have support directly in libc.

Thanks for considering.

-- 
 .''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
  `-   http://kepi.cz :: http://twitter.com/kepicz
