[Dovecot] sha-512 ... shadow blended with database

Spyros Tsiolis stsiol at yahoo.co.uk
Sun Jan 31 14:28:30 EET 2010


Hi,

Just my thoughts,

I think what "salted SHA" means is that when you create a password,
even if the password has got the same strings of alphanumerical
characters and symbols, it creates a different hash every time.


s.


--- On Sun, 31/1/10, Timo Sirainen <tss at iki.fi> wrote:

> From: Timo Sirainen <tss at iki.fi>
> Subject: Re: [Dovecot] sha-512 ... shadow blended with database
> To: "WJCarpenter" <bill-dovecot at carpenter.ORG>
> Cc: "Dovecot Mailing List" <dovecot at dovecot.org>
> Date: Sunday, 31 January, 2010, 4:55
> On 30.1.2010, at 22.39, WJCarpenter wrote:
> 
> > I have two populations of dovecot users. Some users have Unix
> > accounts (with logins disabled), and so their password hashes are
> > stored in /etc/shadow. These days, the default configuration for
> > that is salted SHA-512. It's easy for me to change that scheme to
> > something else if I want to, but the important fact is that I
> > already have some users with passwords in salted SHA-512. The other
> > population of users is purely virtual, and their password hashes are
> > stored in a MySQL database in SHA-1 format (unsalted, but moving to
> > salted wouldn't be a big deal). The database also has a column
> > identifying the hash scheme, so SHA-1 isn't some assumption.
> 
> By salted SHA-512 do you mean the $6$salt$sha format that
> glibc uses? If so, you can use the CRYPT scheme, which causes
> Dovecot to use the crypt() function. Then assuming you're using
> a new enough glibc, it understands it.
> 
> 
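Added example (not part of the original thread and not Dovecot's code): a Python sketch of the two ideas discussed above, namely that a salted scheme stores the salt next to the digest so identical passwords produce different stored values that still verify, and that a per-row scheme column lets one verifier handle mixed populations. The scheme labels `SHA1` and `SSHA`, the function names, and the sample shadow string are assumptions made for illustration; SSHA here means the common `base64(SHA1(password + salt) + salt)` layout.

```python
import base64
import hashlib
import hmac
import os

def sha1_plain(password):
    """Unsalted SHA-1 (hex): the same password always yields the same string."""
    return hashlib.sha1(password.encode()).hexdigest()

def ssha_hash(password, salt=None):
    """Salted SHA-1, SSHA layout: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recover the salt from the stored value, recompute, compare in constant time."""
    raw = base64.b64decode(stored)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def verify(scheme, password, stored):
    """Dispatch on the per-row scheme column (labels are assumed, not from the thread)."""
    if scheme == "SHA1":
        return hmac.compare_digest(sha1_plain(password), stored.lower())
    if scheme == "SSHA":
        return ssha_verify(password, stored)
    raise ValueError("unsupported scheme: " + scheme)

def parse_crypt(stored):
    """Split glibc's "$id$[rounds=N$]salt$hash" string into its fields."""
    parts = stored.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a modular crypt string")
    fields = {"id": parts[1], "rounds": None}
    rest = parts[2:]
    if rest[0].startswith("rounds="):
        fields["rounds"] = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("unexpected field count")
    fields["salt"], fields["hash"] = rest
    return fields

# Constructed sample shaped like a shadow entry; the hash part is filler, not a real digest.
SAMPLE_SHADOW = "$6$Zx9kQ2ab$" + "A" * 86
```

An id of `6` in the parsed fields marks SHA-512 crypt, which is the case the CRYPT scheme hands to `crypt()`; this sketch only identifies such entries and does not compute them.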


      


