[Dovecot] Storing passwords encrypted... bcrypt?
rob0 at gmx.co.uk
Thu Jan 19 19:37:15 EET 2012
On Tue, Jan 17, 2012 at 12:22:35AM +0000, Ed W wrote:
> Note I personally believe there are valid reasons to store
> plaintext passwords - this seems to cause huge criticism due to
> the ensuing disaster which can happen if the database is pinched,
> but it does allow for enhanced security in the password exchange,
> so ultimately it depends on where your biggest risk lies...
Exactly. In any security decision, consider the threat model first.
There are too many kneejerk "secure" ideas in circulation.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the dovecot