DEV Community

Cover image for Argon2 for Dovecot on Debian
Julian
Julian

Posted on

4 1

Argon2 for Dovecot on Debian

#security #dovecot #debian #argon2

TL;DR 

echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
apt-get update
apt-get install libsodium-dev dovecot-dev build-essential libtool-bin
git clone https://github.com/LuckyFellow/dovecot-libsodium-plugin
cd dovecot-libsodium-plugin
./autogen.sh
./configure --with-dovecot=/usr/lib/dovecot --with-moduledir=/usr/lib/dovecot/modules
make
make install
libtool --finish /usr/local/lib/dovecot/auth
Enter fullscreen mode Exit fullscreen mode

Details

the dovecot wiki tells us, that Argon2 is currently the most secure hashing algorithm. dovecot on debian stretch doesn't has the argon2 algorithm bundled.

root@mail:~# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT
Enter fullscreen mode Exit fullscreen mode

to be able to use doveadm pw -s argon2 you need to install the dovecot-libsodium-plugin. means build it yourself (but only the extension).

  • configure packages.sury.org/php als apt repository
  • install required packages
  • clone the dovecot-libsodium-plugin repo
  • build (you have to specify the dovecot and module path on debian)

not sure about the sury repo, only noticed, that after i have installed the php-sodium extension, the libsodium23 and libsodium-dev where installed from there

Get:1 https://packages.sury.org/php stretch/main amd64 libsodium23 amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [153 kB]
Get:2 https://packages.sury.org/php stretch/main amd64 libsodium-dev amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [171 kB]
Enter fullscreen mode Exit fullscreen mode

after the installation you should get this:

root@mail:~/dovecot-libsodium-plugin# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT SCRYPT ARGON2
Enter fullscreen mode Exit fullscreen mode
profile
Postmark
 Promoted

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

profile
Pieces.app
 Promoted

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

Read next

jajera profile image

Configure SSH Login from Windows to Windows

John Ajera -

jajera profile image

Configuring AWS Vault with the Pass Backend for Secure Credential Management on Linux

John Ajera -

adrian_zuplo profile image

User-level auth in your Supabase API - Supaweek Day 2

Adrian Machado -

jully profile image

A Developer's Take on Cerbos: The Smarter Way to Handle Authorization

Juliet Ofoegbu -