Percent character in mail_crypt_private_password not possible

mabi mabi at protonmail.ch
Tue Jul 2 23:27:43 EEST 2019


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 6:32 PM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:

> I don't actually recommend using password directly from user as password for private keys, I recommend running them thru some hash / pkcs5 before that.

That's a great idea and makes things even safer. I don't know much about PKCS5 but would SHA512 also be safe enough for hashing the password?

SHA512 would then generate a 128 characters hash which I would then pass to the parameter "-o plugin/mail_crypt_private_password=" of my "doveadm mailbox cryptokey generate ..." command.



More information about the dovecot mailing list