10 Apr
2012
10 Apr
'12
9:21 p.m.
On 10.4.2012, at 19.35, Ed W wrote:
Does dovecot 2.0 also support SCRAM-SHA?
v2.1 does.
I only mention because it's come up on my radar recently and as I understand it, it solves the issue of either having
- plain text db of passwords, encrypted login
- encrypted db of passwords, plaintext login
With SCRAM you have both sides "encrypted".
The same way as with DIGEST-MD5 and several others. Each mechanism requires that the server-side password is saved using a hash specific to that auth mechanism, none of them support generic MD5/SHA/etc hashes or other mechanisms' hashes. Looks like Dovecot's current SCRAM-SHA1 supports only plaintext passwords, but it would be possible to add SCRAM-SHA1 password scheme similar to others.