[Dovecot] Storing passwords encrypted... bcrypt?

/dev/rob0 rob0 at gmx.co.uk
Thu Jan 19 19:37:15 EET 2012


On Tue, Jan 17, 2012 at 12:22:35AM +0000, Ed W wrote:
> Note I personally believe there are valid reasons to store
> plaintext passwords - this seems to cause huge criticism due to
> the ensuing disaster which can happen if the database is pinched,
> but it does allow for enhanced security in the password exchange,
> so ultimately it depends on where your biggest risk lies...

Exactly. In any security decision, consider the threat model first. 
There are too many kneejerk "secure" ideas in circulation.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

