View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005531 | SOGo | Backend General | public | 2022-06-07 10:01 | 2022-07-05 16:46 |
| Reporter | user1 | Assigned To | francis | ||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Linux | OS | Debian | OS Version | 11 |
| Product Version | 5.0.1 | ||||
| Fixed in Version | 5.7.1 | ||||
| Summary | 0005531: Add ability to set PasswordScheme | ||||
| Description | We use SOGo together with OpenLDAP 2.4.57. All passwords are stored with Argon2 password hash in the LDAP database. After we enabled password changes via SOGo we discovered the following situation
On the other side Dovecot switched some time ago to {ARGON2I} and {ARGON2ID}[2] Would it be possible to add the ability to set the PasswordScheme as a configuration option within SOGo like Roundcube uses it[3]? Anyway: Thanks for all your great work an SOGo. We really appreciate it. [1] https://git.openldap.org/begeragus/openldap/-/blob/master/servers/slapd/pwmods/README.argon2#L7 | ||||
| Tags | argon2, password | ||||
 |
It looks like argon2 is synonymous to argon2i, so adding it is really easy, see attached patch 0001-Support-ARGON2-scheme-being-identical-to-ARGON2I.patch (1,768 bytes)
From 97624f3888c9a69b9c11a505c19486d1438b112b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20H=C3=B6ft?= <nicolas@hoeft.de>
Date: Wed, 8 Jun 2022 07:54:42 +0200
Subject: [PATCH] Support ARGON2 scheme, being identical to ARGON2I
---
Documentation/SOGoInstallationGuide.asciidoc | 2 +-
SoObjects/SOGo/NSData+Crypto.m | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc
index f4dabdc94..cd960ae7a 100644
--- a/Documentation/SOGoInstallationGuide.asciidoc
+++ b/Documentation/SOGoInstallationGuide.asciidoc
@@ -1668,7 +1668,7 @@ passwords. Possible values are: `none`, `plain`, `crypt`, `md5`,
`sha256-crypt`, `sha512`, `sha512-crypt`, its ssha (e.g. `ssha` or
`ssha256`) variants, `blf-crypt`, `PBKDF2`, and `sym-aes-128-cbc`.
The `argon2i` and `argon2id` password hashing algorithms are supported
-if SOGo is compiled with `libsodium`.
+if SOGo is compiled with `libsodium`. `argon2` is a synonym for `argon2i`.
Passwords can have the scheme prepended in the form
`{scheme}encryptedPass`.
diff --git a/SoObjects/SOGo/NSData+Crypto.m b/SoObjects/SOGo/NSData+Crypto.m
index ed7912494..6a2f241d1 100644
--- a/SoObjects/SOGo/NSData+Crypto.m
+++ b/SoObjects/SOGo/NSData+Crypto.m
@@ -272,7 +272,8 @@ static const char salt_chars[] =
return [self asPBKDF2SHA1UsingSalt: theSalt];
}
#ifdef HAVE_SODIUM
- else if ([passwordScheme caseInsensitiveCompare: @"argon2i"] == NSOrderedSame)
+ else if ([passwordScheme caseInsensitiveCompare: @"argon2i"] == NSOrderedSame ||
+ [passwordScheme caseInsensitiveCompare: @"argon2"] == NSOrderedSame)
{
return [self asArgon2iUsingSalt: theSalt];
}
--
2.33.0
|
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-06-07 10:01 | user1 | New Issue | |
| 2022-06-07 10:01 | user1 | Tag Attached: argon2 | |
| 2022-06-07 10:01 | user1 | Tag Attached: password | |
| 2022-06-08 05:55 | the_nic | Note Added: 0016093 | |
| 2022-06-08 05:55 | the_nic | File Added: 0001-Support-ARGON2-scheme-being-identical-to-ARGON2I.patch | |
| 2022-07-05 16:45 | francis | Changeset attached | => sogo master 2f9f6102 |
| 2022-07-05 16:45 | francis | Assigned To | => francis |
| 2022-07-05 16:45 | francis | Resolution | open => fixed |
| 2022-07-05 16:46 | francis | Status | new => resolved |
| 2022-07-05 16:46 | francis | Fixed in Version | => 5.7.1 |
