[Dovecot] bcrypt availability

Noel Butler noel.butler at ausics.net
Mon Jul 16 13:05:09 EEST 2012


On Sun, 2012-07-15 at 11:32 -0700, Robin wrote:


> Indeed.  What I have seen is a great deal of variation in the 
> configuration (/etc/login.defs or your distro's equivalent) in terms of 
> making use of such things.
> 
> I don't see any added value to bcrypt over iterated SHA-512, really, and 



bcrypt and scrypt are password hashes - they are designed to be slow
md5/sha/sha2 are cryptographic hashes - they are designed to be fast

However, if you keep your database secure, yes, this means using
competent coders, then it matters little what method you use.

Of course if you allow system access to users, the strongest is better
than nothing.
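
An added example, not part of the original message or of Dovecot's code: it measures on the local machine how many password candidates per second a single fast SHA-512 call allows compared with an iterated construction and scrypt, then stores and verifies a password with scrypt. The cost parameters are assumptions, and PBKDF2-HMAC-SHA512 stands in for "iterated SHA-512" (it is not the sha512-crypt algorithm configured through /etc/login.defs).

```python
import hashlib
import hmac
import os
import time

# Assumed cost parameters for illustration; tune them to your own hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)
PBKDF2_ROUNDS = 100_000  # stand-in for "iterated SHA-512", not sha512-crypt


def fast_sha512(password: bytes, salt: bytes) -> bytes:
    """One salted SHA-512 call: a general-purpose hash, built for speed."""
    return hashlib.sha512(salt + password).digest()


def iterated_sha512(password: bytes, salt: bytes) -> bytes:
    """SHA-512 slowed down by iteration (PBKDF2-HMAC-SHA512)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS)


def slow_scrypt(password: bytes, salt: bytes) -> bytes:
    """scrypt: a password hash with tunable CPU and memory cost."""
    return hashlib.scrypt(password, salt=salt, **SCRYPT)


def guesses_per_second(trials: int = 3) -> dict:
    """Best-case rate at which one core can test candidate passwords."""
    schemes = {"sha512": fast_sha512, "pbkdf2-sha512": iterated_sha512,
               "scrypt": slow_scrypt}
    salt = os.urandom(16)
    rates = {}
    for name, fn in schemes.items():
        best = float("inf")
        for i in range(trials):
            start = time.perf_counter()
            fn(b"candidate-%d" % i, salt)  # constructed sample input
            best = min(best, time.perf_counter() - start)
        rates[name] = 1.0 / max(best, 1e-9)
    return rates


def store(password: bytes) -> tuple:
    """Return (salt, hash) as it would be written to the user database."""
    salt = os.urandom(16)
    return salt, slow_scrypt(password, salt)


def verify(password: bytes, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(slow_scrypt(password, salt), expected)


if __name__ == "__main__":
    for name, rate in guesses_per_second().items():
        print(f"{name:14s} ~{rate:,.0f} guesses/s on one core")
```

The printed rates are what an offline guesser with a copy of the stored hashes would get from the same core, which is the cost difference the slow/fast distinction above refers to.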
