On 4/5/2013 11:36 PM, Jim Pazarena wrote:
I have just come to the realization that password encryption using the
crypt function in linux, ONLY USES THE FIRST 8 CHARS. I have written
routines using crypt allowing 16+ chars, and find that anything past 8
is ignored. Wow.
Is there a way around this that can be used in dovecot, as well as
encryption routines for an email front end? (not system users).
It's the integration with dovecot which is the most important.
Dovecot supports *many* password hashing algorithms. Switch to SHA512
if you want good security. Generally the system figures out what hash a
password is stored in, so you can mix and match. Set a default and all
new passwords plus whenever a user changes their password, will generate
a hash in the new format.
Dem
