On 4/5/2013 11:36 PM, Jim Pazarena wrote:
I have just come to the realization that password encryption using the crypt function in linux, ONLY USES THE FIRST 8 CHARS. I have written routines using crypt allowing 16+ chars, and find that anything past 8 is ignored. Wow.
Is there a way around this that can be used in dovecot, as well as encryption routines for an email front end? (not system users).
It's the integration with dovecot which is the most important.
Dovecot supports *many* password hashing algorithms. Switch to SHA512 if you want good security. Generally the system figures out what hash a password is stored in, so you can mix and match. Set a default and all new passwords plus whenever a user changes their password, will generate a hash in the new format.
Dem