[Dovecot] PLAIN-MD5 password scheme with salt?

Timo Sirainen tss at iki.fi
Thu Feb 8 11:30:39 UTC 2007


On Wed, 2007-02-07 at 17:01 +0100, Steffen Weber wrote:
> 
> I'm storing passwords as MD5 hashes in a MySQL database and have 
> specified "default_pass_scheme = PLAIN-MD5" in dovecot-sql.conf.
> 
> Can Dovecot append or prepend a salt to a password before hashing
> them? 
> Because without salt the plaintext passwords can be restored from the 
> MD5 hashes using rainbow tables.

Yes, but then it's called SMD5 and not PLAIN-MD5. If you want to use
both of them at the same time, prefix all the existing passwords with
{PLAIN-MD5}.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070208/dd5898e2/attachment.pgp 


More information about the dovecot mailing list