Password encription

j.emerlik j.emerlik at gmail.com
Fri Oct 27 09:44:28 EEST 2017


Aki,
if I understand it well, salt is useful when database is/was stolen ?
Then thief can use eg. rainbow tables to decrypt passwords.
Regards,
Jack

2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>:

>
>
> On 27.10.2017 08:37, @lbutlr wrote:
> > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >> SHA512-CRYPT and PLAIN/LOGIN with SSL.
> > I’m happy with SHA256-CRYPT and PLAIN/LOGIN.
> >
> Yes. SHA256-CRYPT is good too. It was just recommendation over using
> CRAM-MD5, use anything with salt.
>
> Aki
>


More information about the dovecot mailing list