[Dovecot] How to manually generate a password hash
Joseph Tam
jtam.home at gmail.com
Mon Apr 15 01:30:00 EEST 2013
David Murphy writes:
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
> So... what am I missing? If the hash was salted, it would seem the
> hashes in the database would be longer than the ones generated at the
> command line, but that isn't the case. I'm out of ideas. Any guidance
> appreciated.
The hashes are salted, and that is why the hashes are different, even though
the same password is used. (Test it by using the output of "doveadm pw" and
plugging it into your test account).
The hashes ought to be the same length. The out would be proportional
to the length of your input password if the were encrypting, rathher
than hashing. But the length of the hash is consant + encoded(salt) +
encoded (hash(password)), all of which ought to be fixed lengths.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list