[Dovecot] PLAIN-MD5 password scheme with salt?

Timo Sirainen tss at iki.fi
Mon Feb 12 17:04:24 UTC 2007

On Thu, 2007-02-08 at 13:03 +0100, Steffen Weber wrote:
> Timo Sirainen wrote:
> > On Wed, 2007-02-07 at 17:01 +0100, Steffen Weber wrote:
> >> Can Dovecot append or prepend a salt to a password before hashing
> >> them?
> > 
> > Yes, but then it's called SMD5 and not PLAIN-MD5. If you want to use
> > both of them at the same time, prefix all the existing passwords with
> > {PLAIN-MD5}.
> Thank you for the quick reply. But how do I tell Dovecot which salt it 
> should use to hash the password sent by the email client before it is 
> compared to the one stored in the database?

The salt is stored in the generated SMD5 string itself. The salt is
randomly generated when creating the SMD5 hash. Looks like it currently
uses 4 byte salts, but the verification code allows the salt size to be

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070212/b0cccbe7/attachment.pgp 

More information about the dovecot mailing list