[Dovecot] RFE: MD5 encryption with for plain text passwords

Felix Schwarz Felix.Schwarz at web.de
Fri Jul 23 13:06:00 EEST 2004


Hi,

due to compatibility issues with mail clients I think I have to use
plain text authentication. In order to secure the passwords during
their transport I'll use SSL encryption.

After reading some documentation I think that I'll have to store the
passwords as plain text in the authdb. That is something I dislike
very much as it is a (imho) good tradition for unix to store only
encrypted passwords for security reasons.

I would like to see the possibility in dovecot to store the passwords
for plain text authentication md5 encrypted. That should be easy to
implement (just one md5 encryption before comparing the given password
with the stored one) and could improve security.
As this would be an api change it should be made configurable (and in
the first versions this setting should default to the actual
behavior).

How do you like this idea? Maybe I can provide a patch but I won't
work on this if you won't include it within dovecot at all.

And last but not least I want to thank you for your great support! I
really appreciate it! :-)

-- 
Felix




More information about the dovecot mailing list