8 Feb
2007
8 Feb
'07
1:30 p.m.
On Wed, 2007-02-07 at 17:01 +0100, Steffen Weber wrote:
I'm storing passwords as MD5 hashes in a MySQL database and have specified "default_pass_scheme = PLAIN-MD5" in dovecot-sql.conf.
Can Dovecot append or prepend a salt to a password before hashing them? Because without salt the plaintext passwords can be restored from the MD5 hashes using rainbow tables.
Yes, but then it's called SMD5 and not PLAIN-MD5. If you want to use both of them at the same time, prefix all the existing passwords with {PLAIN-MD5}.