[Dovecot] password encryption
Professa Dementia
professa at dementianati.com
Sat Apr 6 11:37:36 EEST 2013
On 4/5/2013 11:36 PM, Jim Pazarena wrote:
> I have just come to the realization that password encryption using the
> crypt function in linux, ONLY USES THE FIRST 8 CHARS. I have written
> routines using crypt allowing 16+ chars, and find that anything past 8
> is ignored. Wow.
>
> Is there a way around this that can be used in dovecot, as well as
> encryption routines for an email front end? (not system users).
>
> It's the integration with dovecot which is the most important.
>
Dovecot supports *many* password hashing algorithms. Switch to SHA512
if you want good security. Generally the system figures out what hash a
password is stored in, so you can mix and match. Set a default and all
new passwords plus whenever a user changes their password, will generate
a hash in the new format.
Dem
More information about the dovecot
mailing list