Strange behaviour with BLF-CRYPT and SHA*-CRYPT password schemas

Aki Tuomi aki.tuomi at open-xchange.com
Thu Mar 7 14:24:00 EET 2019


On 7.3.2019 14.00, Kristijan Savic - ratiokontakt GmbH wrote:
>> You could configure default scheme as CRYPT. It covers all of these. Otherwise
>> you need to make sure passwords have {SCHEME} prefix when it differs from
>> default or oddities occur.
> Thank you for the tip with CRYPT.
>
> Is there any explanation for this behaviour though?
>
> Why are BCRYPT hashes accepted when default_pass_scheme is set to SHA512-CRYPT 
> and not vice versa?  Is this normal?
>
Because SHA512-CRYPT is directly sent to crypt(3) but BLF-CRYPT and
CRYPT are run through something that checks if it starts with $2$ or not,
as Linux does not actually support bcrypt in crypt(3).

Aki
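
The following is an added example, not part of the original message or of Dovecot's code: a small audit that finds stored password fields lacking a {SCHEME} prefix whose crypt(3) identifier differs from the configured default scheme, following the advice quoted above. The `user:password` line layout, the function names and the sample hashes are assumptions constructed for illustration.

```python
import re

# crypt(3) hash identifier -> Dovecot scheme name
CRYPT_IDS = {"1": "MD5-CRYPT", "5": "SHA256-CRYPT", "6": "SHA512-CRYPT",
             "2": "BLF-CRYPT", "2a": "BLF-CRYPT", "2b": "BLF-CRYPT",
             "2y": "BLF-CRYPT"}
SCHEME_PREFIX = re.compile(r"^\{[A-Za-z0-9-]+(\.[A-Za-z0-9]+)?\}")
CRYPT_ID = re.compile(r"^\$([0-9a-z]+)\$")

def classify(field, default_scheme):
    """Return (status, suggested_field) for one stored password field."""
    if SCHEME_PREFIX.match(field):
        return "explicit", field      # scheme is stated, default not consulted
    m = CRYPT_ID.match(field)
    actual = CRYPT_IDS.get(m.group(1)) if m else None
    if actual is None:
        return "unknown", field       # not a recognised crypt(3) format
    if default_scheme.upper() in ("CRYPT", actual):
        return "default-ok", field    # the default scheme covers this hash
    # Hash type differs from the default: store the prefix with it.
    return "needs-prefix", "{%s}%s" % (actual, field)

def audit(lines, default_scheme):
    """Classify every user:password line; returns (user, status, field)."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, field = line.split(":", 2)[:2]
        status, suggestion = classify(field, default_scheme)
        results.append((user, status, suggestion))
    return results

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$CONSTRUCTEDSALT$constructedSha512CryptBodyAAAAAAAA",
    "bob:$2y$05$constructedBcryptSaltAndHashBodyBBBBBBBBBBBB",
    "carol:{BLF-CRYPT}$2y$05$constructedBcryptSaltAndHashBodyCCCC",
    "dave:notacrypthash",
]

if __name__ == "__main__":
    for user, status, field in audit(SAMPLE, "SHA512-CRYPT"):
        print("%-6s %-13s %s" % (user, status, field))
```

An entry is reported as `needs-prefix` whenever its hash type differs from the default, regardless of whether that combination happens to verify today.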

