I’m thinking of using dbmail in production.  One issue I’m having is that it 
doesn’t seem to support salted SHA512 passwords.  In my other PHP apps, I use 
PHP crypt to generate salted passwords:

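            // Salt: MD5 hex digest of the current time; the $6$ scheme
            // uses only the first 16 characters of it.
            $salt = md5(microtime());
            // The '$6$' prefix selects SHA-512 crypt.
            $hash = crypt($password, '$6$' . $salt);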

Any chance dbmail could add support for CRYPT_SHA512 password type in the next 
version of dbmail?

I’m no expert at these things, but I’m worried someone will gain access to my 
dbmail users table and be able to crack a bunch of passwords faster because the 
dbmail passwords aren’t salted.

Or, am I wrong?  I looked at the mhash package that dbmail uses to encrypt 
passwords, but it doesn’t seem to be too actively maintained.  Maybe dbmail 
could switch over to whatever crypt library that PHP uses?  It would help if I 
could generate passwords from PHP and update the dbmail db directly for account 
maintenance. 
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
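
Added example, not part of the original post and not dbmail code: a PHP sketch of the salted SHA-512 crypt hashing the post describes, with the salt drawn from the CSPRNG, shown next to an unsalted SHA-512 digest for comparison. The helper names `make_sha512_crypt` and `verify_crypt` are hypothetical, the sample password is constructed, and nothing here assumes dbmail accepts this format.

```php
<?php
// Added illustration; helper names are hypothetical, not dbmail or PHP built-ins.

// Build a SHA-512 crypt ($6$) hash with a fresh 16-character random salt.
function make_sha512_crypt(string $password): string
{
    // crypt's salt alphabet is [./0-9A-Za-z]. 12 random bytes base64-encode
    // to exactly 16 characters with no padding; map '+' to '.' to fit.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($password, '$6$' . $salt . '$');

    // crypt() signals failure with a short string such as '*0'.
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

// Check a candidate password against a stored crypt hash.
function verify_crypt(string $password, string $stored): bool
{
    // crypt() reads the scheme and salt back out of the stored hash;
    // hash_equals() compares in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

$password = 'correct horse battery staple'; // constructed sample value

// Unsalted: two accounts with the same password store the same digest,
// so one precomputed or cracked digest exposes every account sharing it.
$unsaltedA = hash('sha512', $password);
$unsaltedB = hash('sha512', $password);
echo 'unsalted digests equal: ', var_export($unsaltedA === $unsaltedB, true), "\n";

// Salted: each account gets its own salt, so the stored hashes differ and
// an attacker has to attack each row separately.
$saltedA = make_sha512_crypt($password);
$saltedB = make_sha512_crypt($password);
echo 'salted hashes equal:    ', var_export($saltedA === $saltedB, true), "\n";

// Verification still works because the salt is stored inside the hash.
echo 'correct password:       ', var_export(verify_crypt($password, $saltedA), true), "\n";
echo 'wrong password:         ', var_export(verify_crypt('wrong guess', $saltedA), true), "\n";
```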
