On 12/5/2014 3:24 AM, ML mail wrote:
Hello,
I am wondering which variant is more secure for user authentication and
password scheme. Basically I am looking at both variants:
1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
In my opinion the option 2) should be safer although it is using PLAIN auth
mechanism. Of course I would always use STARTTLS and not allow unencrypted
connection.
What is your opinion?
Option 2 without hesitation.
MD5-CRYPT:
- is extremely weak
- was phased out as the default password hash long ago
- needs to die out
CRAM-MD5:
- is either redundant or insufficient
- is not universally supported
- limits your authentication backend options
