[Dovecot] CRAM-MD5 Password Generation Algorithm

Douglas Willcocks douglas.willcocks at gmail.com
Sat Apr 12 01:41:55 EEST 2008


I'm just in the middle of setting up dovecot to serve IMAPS -- Actually
I've finished apart from one thing: CRAM-MD5 passwords.

I'm using SQL as a backend for the password storage, and I don't want to
store the passwords in plaintext. I've also configured dovecot to be rather
restrictive when it comes to authentication methods (only CRAM-MD5 is

To generate the passwords to go into the database I can use the dovecotpw
utility, but I'm wanting to stick some sort of minimal admin interface on
the server to be able to manage the users etc without having to use the

I've looked at the theoretical explanation of the hashing algorithm, and
I've read through the source code that dovecotpw uses to generate the
passwords with the intent of creating a higher level language library
(Perl, Ruby, PHP ... whatever) to generate passwords, but I don't seem to
be able to replicate the functionality, and there don't seem to be any
existing libraries that generate consistent results (that I've found).

I don't have that much experience with C, and so I'm sure that I must have
misunderstood how dovecotpw does its stuff. Perhaps someone could explain
how the algorithm works? Or point me in the right direction?

Douglas Willcocks
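
Added example, not part of the original post and not Dovecot's own code: a Python implementation of the precomputed HMAC-MD5 context that the question is about, which needs MD5's internal state and so cannot be built from a plain digest call. It assumes the stored `{CRAM-MD5}` value is the hex of the outer-pad state followed by the inner-pad state, each as four little-endian 32-bit words; the function names are hypothetical, and the output should be compared with `dovecotpw` before it is relied on.

```python
import hashlib, math, struct

# MD5 per-step rotations, sine-derived constants and initial state (RFC 1321).
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
K = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
MD5_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)

def md5_compress(state, block):
    """Apply the MD5 compression function to one 64-byte block."""
    m = struct.unpack("<16I", block)
    a, b, c, d = state
    for i in range(64):
        if i < 16:
            f, g = (b & c) | (~b & d), i
        elif i < 32:
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + K[i] + m[g]) & 0xFFFFFFFF
        a, d, c = d, c, b
        b = (b + ((f << S[i]) | (f >> (32 - S[i])))) & 0xFFFFFFFF
    return tuple((x + y) & 0xFFFFFFFF for x, y in zip(state, (a, b, c, d)))

def md5_finish(state, tail, total_len):
    """Resume MD5 from a saved state: pad tail as if total_len bytes were hashed."""
    data = tail + b"\x80"
    data += b"\0" * ((56 - len(data)) % 64) + struct.pack("<Q", total_len * 8)
    for off in range(0, len(data), 64):
        state = md5_compress(state, data[off:off + 64])
    return struct.pack("<4I", *state)

def cram_md5_context(password):
    """Return the value to store: MD5 states after absorbing the HMAC key pads."""
    key = (hashlib.md5(password).digest() if len(password) > 64 else password).ljust(64, b"\0")
    inner = md5_compress(MD5_INIT, bytes(k ^ 0x36 for k in key))
    outer = md5_compress(MD5_INIT, bytes(k ^ 0x5C for k in key))
    # Assumed layout: outer state first, then inner, little-endian words.
    return "{CRAM-MD5}" + struct.pack("<8I", *outer, *inner).hex()

def cram_response(stored, challenge):
    """Compute HMAC-MD5(password, challenge) from the stored context alone."""
    words = struct.unpack("<8I", bytes.fromhex(stored[len("{CRAM-MD5}"):]))
    outer, inner = words[:4], words[4:]
    inner_digest = md5_finish(inner, challenge, 64 + len(challenge))
    return md5_finish(outer, inner_digest, 64 + 16).hex()

if __name__ == "__main__":
    print(cram_md5_context(b"example-password"))  # constructed password
```

`cram_response` shows that the stored value alone is enough to answer any CRAM-MD5 challenge, so the database column needs the same protection as a plaintext password.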
