[Dovecot] PLAIN password scheme question
Hi, ppls
There is some problem with using passwd-like file and plaintext passwords within it.
Let's assume we have users speaking russian. They think and remember their passwords also within russian words (they just not change keyboard layout before entering their passwords).
So if the user has password like ":jgf" (meaning "ass" in russian) and passwords are stored into passwd-like file within {PLAIN} scheme what will happen?
===== user:{PLAIN}:jgf:1234:1234:....
Isn't it a reason to implement something like {HEX} and why?
WBR Dmitri Ivanov
On Nov 13, 2008, at 8:08 PM, Dmitri V. Ivanov wrote:
So if the user has password like ":jgf" (meaning "ass" in russian) and passwords are stored into passwd-like file within {PLAIN} scheme what will happen?
===== user:{PLAIN}:jgf:1234:1234:....
Isn't it a reason to implement something like {HEX} and why?
v1.1+ supports {plain.b64} or {plain.hex}.
On Thu, Nov 13, 2008 at 08:16:17PM +0200, Timo Sirainen wrote:
v1.1+ supports {plain.b64} or {plain.hex}.
As far as I can see (well - grep is used) You are implemented something (I don't untderstand code jet - just from comments within src/auth/password-scheme.c). It seems like to look for .hex,.b64 and .base64, But I'm wrong to find anything about it from wiki or NEWS.
Where I'm wrong?
WBR Dmitri Ivanov
On Fri, 2008-11-14 at 23:29 +0300, Dmitri V. Ivanov wrote:
On Thu, Nov 13, 2008 at 08:16:17PM +0200, Timo Sirainen wrote:
v1.1+ supports {plain.b64} or {plain.hex}.
As far as I can see (well - grep is used) You are implemented something (I don't untderstand code jet - just from comments within src/auth/password-scheme.c). It seems like to look for .hex,.b64 and .base64, But I'm wrong to find anything about it from wiki or NEWS.
I just never remembered to announce it anywhere. Added now to http://wiki.dovecot.org/Authentication/PasswordSchemes
On Fri, Nov 21, 2008 at 10:20:08PM +0200, Timo Sirainen wrote:
I just never remembered to announce it anywhere. Added now to http://wiki.dovecot.org/Authentication/PasswordSchemes
Thanks a lot. And I beg Your pardon for distraction.
WBR Dmitri Ivanov
participants (2)
-
Dmitri V. Ivanov
-
Timo Sirainen