Re: Changing email password storage format

To: debian-user@lists.debian.org
Subject: Re: Changing email password storage format
From: Camaleón <noelamac@gmail.com>
Date: Thu, 6 Sep 2012 15:22:52 +0000 (UTC)
Message-id: <[🔎] k2af4c$vdj$10@ger.gmane.org>
References: <[🔎] D2A69881-AE45-47C8-A26E-4CF3B19BF12E@really-force.net>

On Wed, 05 Sep 2012 18:02:40 +0200, Sebastian wrote:

(...)

> I want to upgrade the password storage from crypt to SSHA512, which
> makes hashes harder to crack in case the hashes get stolen.
> bcrypt/scrypt would be even better, although Dovecot does not seem to
> support these natively (am I right here?).

According to this recent post I think you're right:

http://www.dovecot.org/list/dovecot/2012-July/067156.html

> Anyway:
> In order to convert the hashes, I need the cleartext passwords. So one
> idea would be to tell Dovecot to spit out the cleartext password when a
> user authenticates via POP or IMAP. Do you know of any such
> functionality?

(...)

Maybe this is worth reading:

http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: Changing email password storage format
  - From: Sebastian Schinzel <ssc@seecurity.org>

References:
- Changing email password storage format
  - From: Sebastian <debian@really-force.net>

Prev by Date: Re: systemd
Next by Date: Re: mysql-server 64 bit on a 32 bit lenny
Previous by thread: Re: Changing email password storage format
Next by thread: Re: Changing email password storage format
Index(es):
- Date
- Thread