60 Seconds of WIP, 17 August 2023

Today’s snippet is from Run Your Own Mail Server, discussing Dovecot’s password algorithms. You also get a footnote.

What are all these algorithms, and why do you care? Most often, you don’t.

You just need to pick one.

Dovecot’s documentation declares that ARGON2I or ARGON2ID are the preferred algorithms. Blowfish (BLF-CRYPT) comes next. In 2010 NIST recommended the PBKDF2 algorithm, although in 2023 NIST declared they would be revising their recommendation. If nothing else, the salted SHA512 scheme, SSHA512, is supported almost everywhere.¹ Many of the other algorithms supported come straight from OpenSSL, and are not suitable for production use. Do not use them unless your organization’s security policy insists you follow dangerously outdated standards.

¹ Please do note my anti-recommendation for the LANMAN algorithm.
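To make the "supported almost everywhere" scheme concrete, here is an added example (my own illustration, not Dovecot's code or anything from the book) that builds and verifies a Dovecot-style `{SSHA512}` password entry, then audits passwd-file lines against the scheme list given above. It assumes the salted-SHA layout Dovecot uses for its SSHA schemes: base64 of the SHA-512 digest of password-plus-salt, with the salt appended after the digest, prefixed by the scheme name in braces. The sample lines and the `ACCEPTABLE_SCHEMES` set are constructed from the paragraph above; the user names and the LANMAN/PLAIN values are placeholders, not real credentials.

```python
"""Dovecot-style {SSHA512} password entries: generate, verify, audit.

Added illustration, not Dovecot's own code. Assumed layout (as in Dovecot's
salted SHA schemes): "{SSHA512}" + base64(sha512(password || salt) || salt).
"""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SCHEME = "SSHA512"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes for SHA-512

# Schemes the text above treats as acceptable; anything else gets flagged.
ACCEPTABLE_SCHEMES = frozenset({"ARGON2ID", "ARGON2I", "BLF-CRYPT", "PBKDF2", "SSHA512"})


def ssha512_hash(password: str, salt: Optional[bytes] = None, salt_len: int = 16) -> str:
    """Return a {SSHA512} entry; a fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = os.urandom(salt_len)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (SCHEME, base64.b64encode(digest + salt).decode("ascii"))


def split_entry(entry: str) -> Optional[Tuple[bytes, bytes]]:
    """Decode a {SSHA512} entry into (digest, salt); None if it is malformed."""
    prefix = "{%s}" % SCHEME
    if not entry.startswith(prefix):
        return None
    try:
        raw = base64.b64decode(entry[len(prefix):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= DIGEST_LEN:
        return None  # no salt bytes follow the digest
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha512_verify(password: str, entry: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    parts = split_entry(entry)
    if parts is None:
        return False
    digest, salt = parts
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def scheme_of(entry: str) -> Optional[str]:
    """Extract the scheme name from a '{SCHEME}...' value, or None."""
    if not entry.startswith("{"):
        return None
    close = entry.find("}")
    if close < 1:
        return None
    return entry[1:close].upper()


def audit_line(line: str) -> Tuple[str, Optional[str], bool]:
    """Audit one 'user:{SCHEME}hash' passwd-file line: (user, scheme, acceptable?)."""
    user, _, value = line.strip().partition(":")
    scheme = scheme_of(value)
    return user, scheme, scheme in ACCEPTABLE_SCHEMES


if __name__ == "__main__":
    entry = ssha512_hash("correct horse")
    print(entry)
    print("verify ok:   ", ssha512_verify("correct horse", entry))
    print("verify wrong:", ssha512_verify("wrong", entry))
    # Constructed sample passwd-file lines; the LANMAN/PLAIN values are placeholders.
    samples = (
        "alice:" + entry,
        "bob:{LANMAN}0123456789ABCDEF0123456789ABCDEF",
        "carol:{PLAIN}hunter2",
    )
    for line in samples:
        print(audit_line(line))
```

Two salts for the same password give two different entries, which is the whole point of the salt, and `hmac.compare_digest` keeps the final comparison timing-independent. For a live server you would generate entries with `doveadm pw -s SSHA512` (or `-s ARGON2ID` where available) rather than with this script; the audit function is the part worth keeping, run over an existing passwd-file to find entries still stored under one of the schemes the paragraph above tells you not to use.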

If you wish to follow my bad example, please consider sponsoring the book. Or perhaps look at the Kickstarter for my next fiction collection.