David Murphy writes:
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
So... what am I missing? If the hash was salted, it would seem the
hashes in the database would be longer than the ones generated at the
command line, but that isn't the case. I'm out of ideas. Any guidance
appreciated.
The hashes are salted, and that is why the hashes are different, even though
the same password is used. (Test it by using the output of "doveadm pw" and
plugging it into your test account).
The hashes ought to be the same length. The out would be proportional
to the length of your input password if the were encrypting, rathher
than hashing. But the length of the hash is consant + encoded(salt) +
encoded (hash(password)), all of which ought to be fixed lengths.
Joseph Tam <jtam.h...@gmail.com>
