2 Jul
2019
2 Jul
'19
11:27 p.m.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot dovecot@dovecot.org wrote:
I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that.
That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also be safe enough for hashing the password?
SHA512 would then generate a 128 characters hash which I would then pass to the parameter "-o plugin/mail_crypt_private_password=" of my "doveadm mailbox cryptokey generate ..." command.