On 10/04/2012 08:11, Timo Sirainen wrote:
> On 10.4.2012, at 5.37, Костырев Александр Алексеевич wrote:
>> Good day! I'm just trying to figure out that my understanding of subject is correct.
>> So, if I want to store passwords in my database encrypted with SSHA512 scheme, my only choice for Authentication mechanism is plaintext?
> Yeah, that's correct.

Does dovecot 2.0 also support SCRAM-SHA?
I only mention because it's come up on my radar recently and as I understand it, it solves the issue of either having
- plain text db of passwords, encrypted login
- encrypted db of passwords, plaintext login
With SCRAM you have both sides "encrypted".
(Clearly it's also desirable that the hash algorithm is well chosen to be resistant to brute force, so some might argue that bcrypt/scrypt is even more desirable since there is not yet a GPU implementation. However, at least SHA is a decent stab at things.)
Can you confirm my understanding is correct?
Next question is whether any current mail client supports SCRAM..?
Regards
Ed W
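
Added example (not part of the original message, and not Dovecot code): a SCRAM-SHA-1 computation following RFC 5802, showing that the server database holds only StoredKey and ServerKey while the wire carries only a proof. The salt, nonces and password are the RFC's own example values; SASLprep normalization is omitted, so ASCII passwords are assumed.

```python
import base64, hashlib, hmac

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salted_password(password, salt, iterations):
    # Hi() in RFC 5802 is PBKDF2-HMAC-SHA1; SASLprep is skipped (ASCII-only assumption).
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def server_record(password, salt, iterations):
    """What the server keeps on disk: neither the password nor ClientKey."""
    sp = salted_password(password, salt, iterations)
    return {"salt": salt, "i": iterations,
            "StoredKey": hashlib.sha1(_hmac(sp, b"Client Key")).digest(),
            "ServerKey": _hmac(sp, b"Server Key")}

def client_proof(password, salt, iterations, auth_message):
    """What the client sends on the wire instead of the password."""
    client_key = _hmac(salted_password(password, salt, iterations), b"Client Key")
    signature = _hmac(hashlib.sha1(client_key).digest(), auth_message)
    return _xor(client_key, signature)

def server_verify(record, auth_message, proof):
    """Recover ClientKey from the proof and compare its hash with StoredKey."""
    client_key = _xor(proof, _hmac(record["StoredKey"], auth_message))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), record["StoredKey"])

def server_signature(record, auth_message):
    """Sent back so the client can check that the server knows ServerKey."""
    return _hmac(record["ServerKey"], auth_message)

# Example exchange from RFC 5802 section 5 (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
ITERATIONS = 4096
AUTH_MESSAGE = (b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,"
                b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096,"
                b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j")

if __name__ == "__main__":
    record = server_record("pencil", SALT, ITERATIONS)
    proof = client_proof("pencil", SALT, ITERATIONS, AUTH_MESSAGE)
    print("client proof  :", base64.b64encode(proof).decode())
    print("server accepts:", server_verify(record, AUTH_MESSAGE, proof))
    print("wrong password:", server_verify(
        record, AUTH_MESSAGE, client_proof("pencil2", SALT, ITERATIONS, AUTH_MESSAGE)))
```

The record is specific to SCRAM: an existing SSHA512 hash cannot be converted into it without the user's password. A stolen record still allows offline guessing against StoredKey, so the iteration count and password strength matter.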