DEV Community

Cover image for Argon2 for Dovecot on Debian
Julian
Julian

Posted on

4 1

Argon2 for Dovecot on Debian

TL;DR

echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/sury.list
apt-get update
apt-get install libsodium-dev dovecot-dev build-essential libtool-bin
git clone https://github.com/LuckyFellow/dovecot-libsodium-plugin
cd dovecot-libsodium-plugin
./autogen.sh
./configure --with-dovecot=/usr/lib/dovecot --with-moduledir=/usr/lib/dovecot/modules
make
make install
libtool --finish /usr/local/lib/dovecot/auth
Enter fullscreen mode Exit fullscreen mode

Details

the dovecot wiki tells us, that Argon2 is currently the most secure hashing algorithm. dovecot on debian stretch doesn't has the argon2 algorithm bundled.

root@mail:~# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT
Enter fullscreen mode Exit fullscreen mode

to be able to use doveadm pw -s argon2 you need to install the dovecot-libsodium-plugin. means build it yourself (but only the extension).

  • configure packages.sury.org/php als apt repository
  • install required packages
  • clone the dovecot-libsodium-plugin repo
  • build (you have to specify the dovecot and module path on debian)

not sure about the sury repo, only noticed, that after i have installed the php-sodium extension, the libsodium23 and libsodium-dev where installed from there

Get:1 https://packages.sury.org/php stretch/main amd64 libsodium23 amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [153 kB]
Get:2 https://packages.sury.org/php stretch/main amd64 libsodium-dev amd64 1.0.16-2+0~20180103211631.7+stretch~1.gbpb56693 [171 kB]
Enter fullscreen mode Exit fullscreen mode

after the installation you should get this:

root@mail:~/dovecot-libsodium-plugin# doveadm pw -l
MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT SCRYPT ARGON2
Enter fullscreen mode Exit fullscreen mode

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read more

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more