DEV Community

Cover image for Argon2 for Dovecot on Debian
Julian
Julian

Posted on

Argon2 for Dovecot on Debian

#security #dovecot #debian #argon2

TL;DR 

echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
apt-get update
apt-get install libsodium-dev dovecot-dev build-essential libtool-bin
git clone https://github.com/LuckyFellow/dovecot-libsodium-plugin
cd dovecot-libsodium-plugin
./autogen.sh
./configure --with-dovecot=/usr/lib/dovecot --with-moduledir=/usr/lib/dovecot/modules
make
make install
libtool --finish /usr/local/lib/dovecot/auth
Enter fullscreen mode Exit fullscreen mode

Details

the dovecot wiki tells us, that Argon2 is currently the most secure hashing algorithm. dovecot on debian stretch doesn't has the argon2 algorithm bundled.

root@mail:~# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT
Enter fullscreen mode Exit fullscreen mode

to be able to use doveadm pw -s argon2 you need to install the dovecot-libsodium-plugin. means build it yourself (but only the extension).

  • configure packages.sury.org/php als apt repository
  • install required packages
  • clone the dovecot-libsodium-plugin repo
  • build (you have to specify the dovecot and module path on debian)

not sure about the sury repo, only noticed, that after i have installed the php-sodium extension, the libsodium23 and libsodium-dev where installed from there

Get:1 https://packages.sury.org/php stretch/main amd64 libsodium23 amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [153 kB]
Get:2 https://packages.sury.org/php stretch/main amd64 libsodium-dev amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [171 kB]
Enter fullscreen mode Exit fullscreen mode

after the installation you should get this:

root@mail:~/dovecot-libsodium-plugin# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT SCRYPT ARGON2
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

oluwaseun_musa profile image

Building Cloud Security Efforts with AWS CAF and Well-Architected Framework

Seun -

fkkarakurt profile image

Be Careful When Using YAML in Python! There May Be Security Vulnerabilities

Fatih Küçükkarakurt -

vipulkumarsviit profile image

Understanding SSL and Its Importance

Vipul Kumar -

tecno-security profile image

Unveiling the Unseen: A Journey from Simple Recon Using Shodan to Leaking AWS Secrets

TECNO Security -