DEV Community

Cover image for Argon2 for Dovecot on Debian
Julian
Julian

Posted on

Argon2 for Dovecot on Debian

#security #dovecot #debian #argon2

TL;DR 

echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
apt-get update
apt-get install libsodium-dev dovecot-dev build-essential libtool-bin
git clone https://github.com/LuckyFellow/dovecot-libsodium-plugin
cd dovecot-libsodium-plugin
./autogen.sh
./configure --with-dovecot=/usr/lib/dovecot --with-moduledir=/usr/lib/dovecot/modules
make
make install
libtool --finish /usr/local/lib/dovecot/auth
Enter fullscreen mode Exit fullscreen mode

Details

the dovecot wiki tells us, that Argon2 is currently the most secure hashing algorithm. dovecot on debian stretch doesn't has the argon2 algorithm bundled.

root@mail:~# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT
Enter fullscreen mode Exit fullscreen mode

to be able to use doveadm pw -s argon2 you need to install the dovecot-libsodium-plugin. means build it yourself (but only the extension).

  • configure packages.sury.org/php als apt repository
  • install required packages
  • clone the dovecot-libsodium-plugin repo
  • build (you have to specify the dovecot and module path on debian)

not sure about the sury repo, only noticed, that after i have installed the php-sodium extension, the libsodium23 and libsodium-dev where installed from there

Get:1 https://packages.sury.org/php stretch/main amd64 libsodium23 amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [153 kB]
Get:2 https://packages.sury.org/php stretch/main amd64 libsodium-dev amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [171 kB]
Enter fullscreen mode Exit fullscreen mode

after the installation you should get this:

root@mail:~/dovecot-libsodium-plugin# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT SCRYPT ARGON2
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

jamescroissant profile image

Understanding Modern Web Authentication Flows: Session vs JWT vs OAuth

Yu Hamada -

vijayashree44 profile image

The Dynamic Application Security Testing Process: A Step-by-Step Guide

Vijayashree -

arbythecoder profile image

How I Secured My Containerized Application Using Anchore (Day 29 Project)

Arbythecoder -

scofieldidehen profile image

Who is a Hacker?

Scofield Idehen -