1

Topic: iredmail SHA512 password hashing

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
==== ==== Required information ====
- iRedMail version: v0.1.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu 10.04
- Related log if you're reporting an issue:
====

According to this announcement:
http://www.iredmail.org/forum/topic4220 … ha512.html

iredmail now supports SHA512 password scheme. According to the example password for SHA512:

SSHA512: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=

Am I to assume to assume that FxgXDhBVYmTqoboW part is the salt and everything after the + is the actual hash of the password?

If that's the case, I'm assuming that the password is generated using the PHP crypt function using 5000 rounds (default)? I am wondering because it looks a bit different than the PHP documentation which shows a SHA512 hash as follows:

$6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21

I would appreciate some clarification on this.

Thanks

Also, what version of iredmail do I need to be to get the SHA512 password support?

2

Re: iredmail SHA512 password hashing

Hi deeztek,

I'm not familiar with PHP, but you can check how we generate SSHA512 hash with Python code here:
https://bitbucket.org/zhb/iredadmin-ose … ult#cl-425

And here's password schemes supported in Dovecot-2:
http://wiki2.dovecot.org/Authentication/PasswordSchemes

deeztek wrote:

Also, what version of iredmail do I need to be to get the SHA512 password support?

The upcoming release, iRedAdmin-0.2.1 (open source edition). Of course upcoming iRedAdmin-Pro supports it too.