#85 Dovecot SSHA support

closed-fixed
nobody
Core (27)
5
2016-08-25
2010-01-31
Dehalion
No

Dovecot SSHA encryption is not supported by default because dovecotpw doesn't allow giving a salt when creating a password.

I found a PHP function written by chantra at http://coding.debuntu.org/php-how-calculate-ssha-value-string which verifies a given SSHA hash and a plaintext password. This function is used if the password in the database starts with {SSHA} and dovecot is used as encryption type.
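
The ticket above describes checking a plaintext password against a stored {SSHA} hash. The following is an added example of that check, not chantra's function, the submitted patch, or postfixadmin's code. It also covers SSHA256 and SSHA512, assuming all three store base64(digest(password . salt) . salt); the function names and the 4-byte salt default are assumptions.

```php
<?php
// Added example; verify_salted_sha() and make_salted_sha() are hypothetical names.
// Assumed layout: {SCHEME} base64( digest(password . salt) . salt )

const SALTED_SHA_SCHEMES = [
    'SSHA'    => ['sha1',   20],   // [hash() algorithm, raw digest length in bytes]
    'SSHA256' => ['sha256', 32],
    'SSHA512' => ['sha512', 64],
];

function verify_salted_sha(string $stored, string $password): bool
{
    if (!preg_match('/^\{(SSHA(?:256|512)?)\}(.+)$/i', $stored, $m)) {
        return false;                        // missing or unsupported scheme prefix
    }
    [$algo, $digestLen] = SALTED_SHA_SCHEMES[strtoupper($m[1])];

    $raw = base64_decode($m[2], true);       // strict mode rejects stray characters
    if ($raw === false || strlen($raw) <= $digestLen) {
        return false;                        // bad base64, or no salt after the digest
    }
    $digest = substr($raw, 0, $digestLen);
    $salt   = substr($raw, $digestLen);      // everything after the digest is the salt

    // hash_equals() compares in constant time, so the check leaks no prefix match.
    return hash_equals($digest, hash($algo, $password . $salt, true));
}

function make_salted_sha(string $scheme, string $password, int $saltLen = 4): string
{
    [$algo] = SALTED_SHA_SCHEMES[$scheme];
    $salt = random_bytes($saltLen);          // fresh random salt for every hash
    return '{' . $scheme . '}'
        . base64_encode(hash($algo, $password . $salt, true) . $salt);
}

// Constructed sample data: hash a password, then verify a right and a wrong guess.
foreach (array_keys(SALTED_SHA_SCHEMES) as $scheme) {
    $stored = make_salted_sha($scheme, 'test123');
    printf("%-8s correct=%s wrong=%s\n", $scheme,
        var_export(verify_salted_sha($stored, 'test123'), true),
        var_export(verify_salted_sha($stored, 'test124'), true));
}
// Malformed input is rejected instead of being compared.
var_dump(verify_salted_sha('{SSHA}not-base64!', 'test123'));
```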

Discussion

  • Dehalion

    Dehalion - 2010-01-31

    I forgot:
    affected files: only functions.inc.php
    modified function pacrypt()
    added function ssha_verify_password()

     
  • GingerDog

    GingerDog - 2010-03-24

    Hi
    thanks for taking the time to submit the patch - however, could you please regenerate it? It doesn't include any file names, or context around the changes, so I'm unsure as to where it should apply.

    If possible could you just attach the output from e.g. 'diff -u newfile.php oldfile.php' or something similar?

    Thanks!

     
  • Dehalion

    Dehalion - 2010-03-27

    SSHA patch file with filenames

     
  • Dehalion

    Dehalion - 2010-03-27

    Sorry for the wrong diff format.
    I hoped my comment would clarify which file is modified (since I only touched one single file). I updated the patch file and hope everything is fine now :D

     
  • nukleus

    nukleus - 2013-06-08

    As this is still open and doesn't seem to have been merged, postfixadmin still doesn't support ssha{,256,512} :(

    However, the "doveadm pw" utility allows checking whether a hash matches a password, like so:

        doveadm pw -s SSHA512 -p "test123"
        {SSHA512}WucBQuH6NyeRYMz6gHQddkJLwzTUXaf8Ag0n9YM0drMFHG9XCO+FllvvwjXmo5/yFPvs+n1JVvJmdsvX5XHYvSUn9Xw=

    Now we use that hash to verify the password:

        doveadm pw -s SSHA512 -t {SSHA512}WucBQuH6NyeRYMz6gHQddkJLwzTUXaf8Ag0n9YM0drMFHG9XCO+FllvvwjXmo5/yFPvs+n1JVvJmdsvX5XHYvSUn9Xw= -p "test123"
        {SSHA512}WucBQuH6NyeRYMz6gHQddkJLwzTUXaf8Ag0n9YM0drMFHG9XCO+FllvvwjXmo5/yFPvs+n1JVvJmdsvX5XHYvSUn9Xw= (verified)

    Of course it asks for the password on the command line when not using "-p". This way it should be trivial to check if the given password matches the password retrieved from the database, thus enabling postfixadmin to work with whatever scheme is used by dovecot.

     
  • Christian Boltz

    Christian Boltz - 2016-08-25
    • status: open --> closed-fixed
    • Group: --> SVN (please specify revision!)
     
  • Christian Boltz

    Christian Boltz - 2016-08-25

    3.0 beta uses doveadm pw -t (except for non-salted hashes to stay as backwards-compatible as possible), so SSHA passwords should work now (even without this patch applied)

     
