The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally expensive, but still it's not very strong protection anymore.
MD5 with or without salt can be attacked at passwords per second speed, so using CRAM-MD5 of DIGEST-MD5 is very very poor choice. Anything with MD5 should not be used for passwords these days.
With Dovecot 2.3 we are making BLF-CRYPT available on all platforms, and also adding support for ARGON2 when you have libsodium available.
Aki
On 27.10.2017 09:44, j.emerlik wrote:
Aki, if I understand it well, salt is useful when database is/was stolen ? Then thief can use eg. rainbow tables to decrypt passwords. Regards, Jack
2017-10-27 7:42 GMT+02:00 Aki Tuomi <aki.tuomi@dovecot.fi>:
On 27.10.2017 08:37, @lbutlr wrote:
On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
SHA512-CRYPT and PLAIN/LOGIN with SSL. I’m happy with SHA256-CRYPT and PLAIN/LOGIN.
Yes. SHA256-CRYPT is good too. It was just recommendation over using CRAM-MD5, use anything with salt.
Aki