[Dovecot] sha-512 ... shadow blended with database
Spyros Tsiolis
stsiol at yahoo.co.uk
Sun Jan 31 14:28:30 EET 2010
Hi,
Just my thoughts,
I think what "salted SHA" means is that when you create a password,
even if the password has got the same strings of alphanumerical
characters and symbols, it creates a different hash every time.
s.
--- On Sun, 31/1/10, Timo Sirainen <tss at iki.fi> wrote:
> From: Timo Sirainen <tss at iki.fi>
> Subject: Re: [Dovecot] sha-512 ... shadow blended with database
> To: "WJCarpenter" <bill-dovecot at carpenter.ORG>
> Cc: "Dovecot Mailing List" <dovecot at dovecot.org>
> Date: Sunday, 31 January, 2010, 4:55
> On 30.1.2010, at 22.39, WJCarpenter
> wrote:
>
> > I have two populations of dovecot users. Some
> users have Unix accounts (with logins disabled), and so
> their password hashes are stored in /etc/shadow. These
> days, the default configuration for that is salted
> SHA-512. It's easy for me to change that scheme to
> something else if I want to, but the important fact is that
> I already have some users with passwords in salted
> SHA-512. The other population of users is purely
> virtual, and their password hashes are stored in a MySQL
> database in SHA-1 format (unsalted, but moving to salted
> wouldn't be a big deal). The database also has a
> column identifying the hash scheme, so SHA-1 isn't some
> assumption.
>
> By salted SHA-512 do you mean the $6$salt$sha format that
> glibc uses? If so, you can use CRYPT scheme, which causes
> Dovecot to use crypt() function.. Then assuming you're using
> new enough glibc, it understands it.
>
>
More information about the dovecot
mailing list