Hi,
Just my thoughts,
I think what "salted SHA" means is that when you create a password, even if the password has got the same strings of alphanumerical characters and symbols, it creates a different hash every time.
s.
--- On Sun, 31/1/10, Timo Sirainen tss@iki.fi wrote:
From: Timo Sirainen tss@iki.fi Subject: Re: [Dovecot] sha-512 ... shadow blended with database To: "WJCarpenter" bill-dovecot@carpenter.ORG Cc: "Dovecot Mailing List" dovecot@dovecot.org Date: Sunday, 31 January, 2010, 4:55 On 30.1.2010, at 22.39, WJCarpenter wrote:
I have two populations of dovecot users. Some users have Unix accounts (with logins disabled), and so their password hashes are stored in /etc/shadow. These days, the default configuration for that is salted SHA-512. It's easy for me to change that scheme to something else if I want to, but the important fact is that I already have some users with passwords in salted SHA-512. The other population of users is purely virtual, and their password hashes are stored in a MySQL database in SHA-1 format (unsalted, but moving to salted wouldn't be a big deal). The database also has a
column identifying the hash scheme, so SHA-1 isn't some assumption.
By salted SHA-512 do you mean the $6$salt$sha format that glibc uses? If so, you can use CRYPT scheme, which causes Dovecot to use crypt() function.. Then assuming you're using new enough glibc, it understands it.