[Dovecot] Authentication mechanism and Password scheme

Ed W lists at wildgooses.com
Tue Apr 10 19:35:09 EEST 2012


On 10/04/2012 08:11, Timo Sirainen wrote:
> On 10.4.2012, at 5.37, Костырев Александр Алексеевич wrote:
>
>> Good day!
>> I'm just trying to figure out whether my understanding of the subject is correct.
>>
>> So, if I want to store passwords in my database encrypted with SSHA512 scheme,
>> my only choice for Authentication mechanism is plaintext?
> Yeah, that's correct.
>

Does Dovecot 2.0 also support SCRAM-SHA?

I only mention because it's come up on my radar recently and as I 
understand it, it solves the issue of either having
- plain text db of passwords, encrypted login
- encrypted db of passwords, plaintext login

With SCRAM you have both sides "encrypted".

(Clearly it's also desirable that the hash algorithm is well chosen to 
be resistant to brute force, so some might argue that bcrypt/scrypt is 
even more desirable since there is not yet a GPU implementation - 
however, at least SHA is a decent stab at things.)

Can you confirm my understanding is correct?

Next question is whether any current mail client supports SCRAM..?

Regards

Ed W
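
Added example, not part of the original post or of Dovecot's code: the core SCRAM-SHA-1 computation from RFC 5802, showing that the server's database holds only derived keys while the client sends only a proof bound to the exchange. Function names are illustrative; the salt, nonces and password are the RFC's published sample exchange.

```python
import base64, hashlib, hmac

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-1 and a 20-byte output.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(password, salt, iterations):
    """What the server writes to its password database: no plaintext."""
    sp = salted_password(password, salt, iterations)
    stored_key = hashlib.sha1(mac(sp, b"Client Key")).digest()
    return {"salt": salt, "i": iterations,
            "stored_key": stored_key, "server_key": mac(sp, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """What the client sends over the wire instead of the password."""
    client_key = mac(salted_password(password, salt, iterations), b"Client Key")
    signature = mac(hashlib.sha1(client_key).digest(), auth_message)
    return xor(client_key, signature)

def server_verify(record, proof, auth_message):
    """Recover ClientKey from the proof and compare its hash to StoredKey."""
    client_key = xor(proof, mac(record["stored_key"], auth_message))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(),
                               record["stored_key"])

def server_signature(record, auth_message):
    """Lets the client check that the server also holds the credential."""
    return mac(record["server_key"], auth_message)

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

# Sample exchange from RFC 5802 section 5 (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
NONCE = "fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ("n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
                f"r={NONCE},s=QSXCR+Q6sek8bf92,i=4096,"
                f"c=biws,r={NONCE}").encode()

if __name__ == "__main__":
    rec = enroll("pencil", SALT, 4096)
    proof = client_proof("pencil", SALT, 4096, AUTH_MESSAGE)
    print("proof:", b64(proof), "accepted:", server_verify(rec, proof, AUTH_MESSAGE))
    print("server signature:", b64(server_signature(rec, AUTH_MESSAGE)))
```

The stored record can still be attacked offline by guessing passwords if the database leaks, so the iteration count and password strength matter here as much as with any salted hash.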



