MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN

ML mail mlnospam at yahoo.com
Fri Dec 5 11:24:57 UTC 2014


Hello,

I am wondering which variant is more secure for user authentication and password scheme. Basically, I am looking at these two variants:

1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism

In my opinion, option 2) should be safer, although it uses the PLAIN auth mechanism. Of course, I would always use STARTTLS and not allow unencrypted connections.

What is your opinion?

Best,
ML

