On 01/03/2012 09:40 PM Charles Marcus wrote: > Hi everyone, > > Was just perusing this article about how trivial it is to decrypt > passwords that are stored using most (standard) encryption methods (like > MD5), and was wondering - is it possible to use bcrypt with > dovecot+postfix+mysql (or posgres)?
Yes it is possible to use bcrypt with dovecot. Currently you have only to write your password scheme plugin. The bcrypt algorithm is described at http://en.wikipedia.org/wiki/Bcrypt. If you are using Dovecot >= 2.0 'doveadm pw' supports the schemes: *BSD: Blowfish-Crypt *Linux (since glibc 2.7): SHA-256-Crypt and SHA-512-Crypt Some distributions have also added support for Blowfish-Crypt See also: doveadm-pw(1) If you are using Dovecot < 2.0 you can also use any of the algorithms supported by your system's libc. But then you have to prefix the hashes with {CRYPT} - not {{BLF,SHA256,SHA512}-CRYPT}. Regards, Pascal -- The trapper recommends today: deadbeef.1200...@localdomain.org
