[Dovecot] salted passwords

Timo Sirainen tss at iki.fi
Wed Feb 17 02:05:12 EET 2010

On 15.2.2010, at 19.42, Leonardo Rodrigues wrote:

>    from sources on src/auth i can find some interesting informations:
> /* format: <SHA1 hash><salt> */
> and
> #define SSHA256_SALT_LEN 4
> so the salt really seems to be 4-byte (which in fact are 8 when watching in hexadecimal), the exact difference on dovecotpw non-salted and salted generated passwords.

The generated SSHA256 passwords have 4 byte salt, but Dovecot supports reading any salt length.

More information about the dovecot mailing list