Is there any information on adding support for Argon2?
I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup:
draft-irtf-cfrg-argon2-04.txt
It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it....
thanks
The version of libsodium in EPEL supports argon2
For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch.
For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot.
On 2/13/19 5:18 AM, Robert Moskowitz wrote:
Is there any information on adding support for Argon2?
I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup:
draft-irtf-cfrg-argon2-04.txt
It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it....
thanks
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I found that EPEL has argon2-20161029-2, but the dovecot 2.2.36 in C7 does not use it.
If I were to compile dovecot 2.3, it comes with argon2 built in.
I don't want to get into the build business, I have other things demanding my time. It would be nice to have argon2, but my server is small, and sha512 is a lot better than md5.
On 2/13/19 1:57 PM, Alice Wonder wrote:
The version of libsodium in EPEL supports argon2
For php you can build the libsodium extension. Also php 7.2+ builds that extension if you specify it build time using --with-sodium=shared switch.
For dovecot you have to build it against sodium which means building your own packages but it works. At least with modern upstream dovecot.
On 2/13/19 5:18 AM, Robert Moskowitz wrote:
Is there any information on adding support for Argon2?
I have been working on my new mailserver and this came up in moving from the default MD5 hash to more 'modern' hashes like SHA256 and SHA512. Then I was pointed to the work behind Argon2, and I see that it is moving through the IRTF cfrg workgroup:
draft-irtf-cfrg-argon2-04.txt
It is a 'purpose built' hash for passwords, with recommendations that new implementations use it. Of course can't use it if crypt does not support it....
thanks
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Alexander Dalloz -
Alice Wonder -
Robert Moskowitz